@rttnd/gau 0.2.5 → 0.2.7

Files changed (54)
  1. package/README.md +33 -10
  2. package/dist/chunk-74C45CUF.js +50 -0
  3. package/dist/chunk-74C45CUF.js.map +1 -0
  4. package/dist/chunk-CF7HIKRL.js +2 -0
  5. package/dist/chunk-CF7HIKRL.js.map +1 -0
  6. package/dist/client/solid/index.d.ts +9 -5
  7. package/dist/client/solid/index.d.ts.map +1 -1
  8. package/dist/client/solid/index.js +1 -1
  9. package/dist/client/solid/index.js.map +1 -1
  10. package/dist/client/svelte/index.svelte.d.ts +6 -3
  11. package/dist/client/svelte/index.svelte.d.ts.map +1 -1
  12. package/dist/client/svelte/index.svelte.js +1 -1
  13. package/dist/client/svelte/index.svelte.js.map +1 -1
  14. package/dist/core/createAuth.d.ts +12 -7
  15. package/dist/core/createAuth.d.ts.map +1 -1
  16. package/dist/core/handler.d.ts.map +1 -1
  17. package/dist/core/index.js +1 -1
  18. package/dist/index.js +1 -1
  19. package/dist/jwt/index.js +1 -1
  20. package/dist/oauth/index.d.ts +3 -3
  21. package/dist/oauth/index.d.ts.map +1 -1
  22. package/dist/oauth/index.js +1 -1
  23. package/dist/oauth/index.js.map +1 -1
  24. package/dist/oauth/providers/github.d.ts +1 -1
  25. package/dist/oauth/providers/github.d.ts.map +1 -1
  26. package/dist/oauth/providers/google.d.ts +1 -1
  27. package/dist/oauth/providers/google.d.ts.map +1 -1
  28. package/dist/oauth/providers/microsoft.d.ts +2 -2
  29. package/dist/oauth/providers/microsoft.d.ts.map +1 -1
  30. package/dist/runtimes/index.d.ts +0 -1
  31. package/dist/runtimes/index.d.ts.map +1 -1
  32. package/dist/runtimes/index.js +1 -1
  33. package/dist/runtimes/tauri/index.d.ts +1 -1
  34. package/dist/runtimes/tauri/index.d.ts.map +1 -1
  35. package/dist/runtimes/tauri/index.js +1 -1
  36. package/dist/solidstart/index.d.ts +3 -2
  37. package/dist/solidstart/index.d.ts.map +1 -1
  38. package/dist/solidstart/index.js +1 -1
  39. package/dist/solidstart/index.js.map +1 -1
  40. package/dist/sveltekit/index.d.ts +3 -2
  41. package/dist/sveltekit/index.d.ts.map +1 -1
  42. package/dist/sveltekit/index.js +1 -1
  43. package/dist/sveltekit/index.js.map +1 -1
  44. package/package.json +1 -5
  45. package/dist/chunk-5A3NMHJO.js +0 -2
  46. package/dist/chunk-5A3NMHJO.js.map +0 -1
  47. package/dist/chunk-JXRUYABI.js +0 -50
  48. package/dist/chunk-JXRUYABI.js.map +0 -1
  49. package/dist/chunk-OMD2JMMI.js +0 -2
  50. package/dist/chunk-OMD2JMMI.js.map +0 -1
  51. package/dist/runtimes/cloudflare/index.d.ts +0 -7
  52. package/dist/runtimes/cloudflare/index.d.ts.map +0 -1
  53. package/dist/runtimes/cloudflare/index.js +0 -2
  54. package/dist/runtimes/cloudflare/index.js.map +0 -1
@@ -1,2 +1,2 @@
1
- import{CodeChallengeMethod as U,OAuth2Client as g}from"arctic";var A="https://github.com/login/oauth/authorize",v="https://github.com/login/oauth/access_token",m="https://api.github.com";async function C(t){let r=await(await fetch(`${m}/user`,{headers:{Authorization:`Bearer ${t}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}})).json(),e=r.email,n=!1,o=await fetch(`${m}/user/emails`,{headers:{Authorization:`Bearer ${t}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(o.ok){let s=await o.json(),i=s.find(a=>a.primary&&a.verified);if(i)e=i.email,n=!0;else{let a=s.find(l=>l.verified);a&&(e=a.email,n=!0)}}return{id:r.id.toString(),name:r.name??r.login,email:e,emailVerified:n,avatar:r.avatar_url,raw:r}}function O(t){let c=new g(t.clientId,t.clientSecret,t.redirectUri??null);function r(e){return!e||t.redirectUri&&e===t.redirectUri?c:new g(t.clientId,t.clientSecret,e)}return{id:"github",async getAuthorizationUrl(e,n,o){let s=r(o?.redirectUri),i=o?.scopes??t.scope??["user:email"];return await s.createAuthorizationURLWithPKCE(A,e,U.S256,n,i)},async validateCallback(e,n,o){let i=await r(o).validateAuthorizationCode(v,e,n),a=await C(i.accessToken());return{tokens:i,user:a}}}}import{CodeChallengeMethod as b,OAuth2Client as h}from"arctic";var w="https://accounts.google.com/o/oauth2/v2/auth",y="https://oauth2.googleapis.com/token",_="https://openidconnect.googleapis.com/v1/userinfo";async function R(t){let r=await(await fetch(_,{headers:{Authorization:`Bearer ${t}`,"User-Agent":"gau"}})).json();return{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified,avatar:r.picture,raw:r}}function P(t){let c=new h(t.clientId,t.clientSecret,t.redirectUri??null);function r(e){return!e||e===t.redirectUri?c:new h(t.clientId,t.clientSecret,e)}return{id:"google",requiresRedirectUri:!0,async getAuthorizationUrl(e,n,o){let s=r(o?.redirectUri),i=o?.scopes??t.scope??["openid","email","profile"];return await s.createAuthorizationURLWithPKCE(w,e,b.S256,n,i)},async 
validateCallback(e,n,o){let i=await r(o).validateAuthorizationCode(y,e,n),a=await R(i.accessToken());return{tokens:i,user:a}}}}import{CodeChallengeMethod as k,OAuth2Client as p}from"arctic";var E="https://graph.microsoft.com/v1.0/me",I="https://graph.microsoft.com/v1.0/me/photo/$value";function G(t){let c=t.replace(/-/g,"+").replace(/_/g,"/"),r=(4-c.length%4)%4,e=c.padEnd(c.length+r,"="),n=atob(e),o=n.length,s=new Uint8Array(o);for(let i=0;i<o;i++)s[i]=n.charCodeAt(i);return s}async function L(t,c){let e=await(await fetch(E,{headers:{Authorization:`Bearer ${t}`}})).json(),n=e.mail??e.userPrincipalName,o=!1;if(c)try{let a=c.split("."),l=JSON.parse(new TextDecoder().decode(G(a[1]))),u="9188040d-6c67-4c5b-b112-36a304b66dad";if(l.verified_primary_email){let d=Array.isArray(l.verified_primary_email)?l.verified_primary_email[0]:l.verified_primary_email;typeof d=="string"&&(n=d,o=!0)}else(l.tid===u||l.xms_edov===!0)&&(n=l.email??n,o=!0)}catch{}let s=await fetch(I,{headers:{Authorization:`Bearer ${t}`}}),i=null;if(s.ok)try{let a=await s.blob(),l=new FileReader;i=await new Promise((d,f)=>{l.onloadend=()=>d(l.result),l.onerror=f,l.readAsDataURL(a)})}catch{}return{id:e.id,name:e.displayName,email:n,emailVerified:o,avatar:i,raw:e}}function z(t){let c=t.tenant??"common",r=`https://login.microsoftonline.com/${c}/oauth2/v2.0/authorize`,e=`https://login.microsoftonline.com/${c}/oauth2/v2.0/token`,n=new p(t.clientId,t.clientSecret,t.redirectUri??null);function o(s){return!s||s===t.redirectUri?n:new p(t.clientId,t.clientSecret,s)}return{id:"microsoft-entra-id",requiresRedirectUri:!0,async getAuthorizationUrl(s,i,a){let l=o(a?.redirectUri),u=a?.scopes??t.scope??["openid","profile","email","User.Read"];return await l.createAuthorizationURLWithPKCE(r,s,k.S256,i,u)},async validateCallback(s,i,a){let u=await o(a).validateAuthorizationCode(e,s,i),d=await L(u.accessToken(),u.idToken());return{tokens:u,user:d}}}}export{O as GitHub,P as Google,z as MicrosoftEntraId};
1
+ import{CodeChallengeMethod as U,OAuth2Client as g}from"arctic";var A="https://github.com/login/oauth/authorize",v="https://github.com/login/oauth/access_token",m="https://api.github.com";async function C(e){let r=await(await fetch(`${m}/user`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}})).json(),t=r.email,n=!1,o=await fetch(`${m}/user/emails`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(o.ok){let s=await o.json(),i=s.find(a=>a.primary&&a.verified);if(i)t=i.email,n=!0;else{let a=s.find(l=>l.verified);a&&(t=a.email,n=!0)}}return{id:r.id.toString(),name:r.name??r.login,email:t,emailVerified:n,avatar:r.avatar_url,raw:r}}function b(e){let c=new g(e.clientId,e.clientSecret,e.redirectUri??null);function r(t){return!t||e.redirectUri&&t===e.redirectUri?c:new g(e.clientId,e.clientSecret,t)}return{id:"github",async getAuthorizationUrl(t,n,o){let s=r(o?.redirectUri),i=o?.scopes??e.scope??["user:email"];return await s.createAuthorizationURLWithPKCE(A,t,U.S256,n,i)},async validateCallback(t,n,o){let i=await r(o).validateAuthorizationCode(v,t,n),a=await C(i.accessToken());return{tokens:i,user:a}}}}import{CodeChallengeMethod as O,OAuth2Client as h}from"arctic";var w="https://accounts.google.com/o/oauth2/v2/auth",y="https://oauth2.googleapis.com/token",_="https://openidconnect.googleapis.com/v1/userinfo";async function R(e){let r=await(await fetch(_,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}})).json();return{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified,avatar:r.picture,raw:r}}function P(e){let c=new h(e.clientId,e.clientSecret,e.redirectUri??null);function r(t){return!t||t===e.redirectUri?c:new h(e.clientId,e.clientSecret,t)}return{id:"google",requiresRedirectUri:!0,async getAuthorizationUrl(t,n,o){let s=r(o?.redirectUri),i=o?.scopes??e.scope??["openid","email","profile"];return await s.createAuthorizationURLWithPKCE(w,t,O.S256,n,i)},async 
validateCallback(t,n,o){let i=await r(o).validateAuthorizationCode(y,t,n),a=await R(i.accessToken());return{tokens:i,user:a}}}}import{CodeChallengeMethod as k,OAuth2Client as p}from"arctic";var G="https://graph.microsoft.com/v1.0/me",L="https://graph.microsoft.com/v1.0/me/photo/$value";function z(e){let c=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-c.length%4)%4,t=c.padEnd(c.length+r,"="),n=atob(t),o=n.length,s=new Uint8Array(o);for(let i=0;i<o;i++)s[i]=n.charCodeAt(i);return s}async function E(e,c){let t=await(await fetch(G,{headers:{Authorization:`Bearer ${e}`}})).json(),n=t.mail??t.userPrincipalName,o=!1;if(c)try{let a=c.split("."),l=JSON.parse(new TextDecoder().decode(z(a[1]))),u="9188040d-6c67-4c5b-b112-36a304b66dad";if(l.verified_primary_email){let d=Array.isArray(l.verified_primary_email)?l.verified_primary_email[0]:l.verified_primary_email;typeof d=="string"&&(n=d,o=!0)}else(l.tid===u||l.xms_edov===!0)&&(n=l.email??n,o=!0)}catch{}let s=await fetch(L,{headers:{Authorization:`Bearer ${e}`}}),i=null;if(s.ok)try{let a=await s.blob(),l=new FileReader;i=await new Promise((d,f)=>{l.onloadend=()=>d(l.result),l.onerror=f,l.readAsDataURL(a)})}catch{}return{id:t.id,name:t.displayName,email:n,emailVerified:o,avatar:i,raw:t}}function S(e){let c=e.tenant??"common",r=`https://login.microsoftonline.com/${c}/oauth2/v2.0/authorize`,t=`https://login.microsoftonline.com/${c}/oauth2/v2.0/token`,n=new p(e.clientId,e.clientSecret,e.redirectUri??null);function o(s){return!s||s===e.redirectUri?n:new p(e.clientId,e.clientSecret,s)}return{id:"microsoft",requiresRedirectUri:!0,async getAuthorizationUrl(s,i,a){let l=o(a?.redirectUri),u=a?.scopes??e.scope??["openid","profile","email","User.Read"];return await l.createAuthorizationURLWithPKCE(r,s,k.S256,i,u)},async validateCallback(s,i,a){let u=await o(a).validateAuthorizationCode(t,s,i),d=await E(u.accessToken(),u.idToken());return{tokens:u,user:d}}}}export{b as GitHub,P as Google,S as Microsoft};
2
2
  //# sourceMappingURL=index.js.map
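Review bot: The three primary profile lookups in the new bundle (GitHub `/user`, Google userinfo, Microsoft Graph `/me`) call `.json()` without checking `ok`, although the secondary `/user/emails` and photo requests do check it. An error body from Google or Microsoft would therefore produce a user object with `id: undefined`, and GitHub would throw a bare TypeError at `r.id.toString()`. A guard in each `getUser`, for example `if (!response.ok) throw new Error('profile request failed: ' + response.status)`, would stop a failed lookup from reaching whatever consumes `validateCallback`. Separately, this patch release changes the provider `id` from `"microsoft-entra-id"` to `"microsoft"` and the export from `MicrosoftEntraId` to `Microsoft`; if stored accounts or callback routes are keyed on that id (not visible here), existing Microsoft sign-ins would need a migration and an updated redirect URI.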
@@ -1 +1 @@
1
- {"version":3,"sources":["../../oauth/providers/github.ts","../../oauth/providers/google.ts","../../oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? 
data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || (config.redirectUri && redirectUri === config.redirectUri))\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\r\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\r\n\r\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\r\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\r\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\r\n\r\ninterface GoogleUser {\r\n sub: string\r\n name: string\r\n email: string | null\r\n email_verified: boolean\r\n picture: string | null\r\n [key: string]: unknown\r\n}\r\n\r\nasync function getUser(accessToken: string): Promise<AuthUser> {\r\n const response = await fetch(GOOGLE_USERINFO_URL, {\r\n headers: {\r\n 'Authorization': `Bearer ${accessToken}`,\r\n 'User-Agent': 
'gau',\r\n },\r\n })\r\n const data: GoogleUser = await response.json()\r\n\r\n return {\r\n id: data.sub,\r\n name: data.name,\r\n email: data.email,\r\n emailVerified: data.email_verified,\r\n avatar: data.picture,\r\n raw: data,\r\n }\r\n}\r\n\r\nexport function Google(config: OAuthProviderConfig): OAuthProvider {\r\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\r\n\r\n function getClient(redirectUri?: string): OAuth2Client {\r\n if (!redirectUri || redirectUri === config.redirectUri)\r\n return defaultClient\r\n\r\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\r\n }\r\n\r\n return {\r\n id: 'google',\r\n requiresRedirectUri: true,\r\n\r\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\r\n const client = getClient(options?.redirectUri)\r\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\r\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\r\n return url\r\n },\r\n\r\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\r\n const client = getClient(redirectUri)\r\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\r\n const user = await getUser(tokens.accessToken())\r\n return { tokens, user }\r\n },\r\n }\r\n}\r\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\ninterface MicrosoftEntraIdConfig extends 
OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | string\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? 
email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function MicrosoftEntraId(config: MicrosoftEntraIdConfig): OAuthProvider {\n const tenant = config.tenant ?? 'common'\n\n const authURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`\n const tokenURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`\n\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft-entra-id',\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? 
['openid', 'profile', 'email', 'User.Read']\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n }\n}\n"],"mappings":"AACA,OAAS,uBAAAA,EAAqB,gBAAAC,MAAoB,SAElD,IAAMC,EAAkB,2CAClBC,EAAmB,8CACnBC,EAAiB,yBAkBvB,eAAeC,EAAQC,EAAwC,CAQ7D,IAAMC,EAAmB,MAPR,MAAM,MAAM,GAAGH,CAAc,QAAS,CACrD,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,MACd,OAAU,6BACZ,CACF,CAAC,GACuC,KAAK,EAEzCE,EAAuBD,EAAK,MAC5BE,EAAgB,GAEdC,EAAiB,MAAM,MAAM,GAAGN,CAAc,eAAgB,CAClE,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,MACd,OAAU,6BACZ,CACF,CAAC,EAED,GAAII,EAAe,GAAI,CACrB,IAAMC,EAAwB,MAAMD,EAAe,KAAK,EAClDE,EAAeD,EAAO,KAAKE,GAAKA,EAAE,SAAWA,EAAE,QAAQ,EAC7D,GAAID,EACFJ,EAAQI,EAAa,MACrBH,EAAgB,OAEb,CAEH,IAAMK,EAAgBH,EAAO,KAAKE,GAAKA,EAAE,QAAQ,EAC7CC,IACFN,EAAQM,EAAc,MACtBL,EAAgB,GAEpB,CACF,CAEA,MAAO,CACL,GAAIF,EAAK,GAAG,SAAS,EACrB,KAAMA,EAAK,MAAQA,EAAK,MACxB,MAAAC,EACA,cAAAC,EACA,OAAQF,EAAK,WACb,IAAKA,CACP,CACF,CAEO,SAASQ,EAAOC,EAA4C,CACjE,IAAMC,EAAgB,IAAIhB,EAAae,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASE,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAgBH,EAAO,aAAeG,IAAgBH,EAAO,YACzDC,EAEF,IAAIhB,EAAae,EAAO,SAAUA,EAAO,aAAcG,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,SAEJ,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUN,EAAO,OAAS,CAAC,YAAY,EAE/D,OADY,MAAMO,EAAO,+BAA+BrB,EAAiBkB,EAAOpB,EAAoB,KAAMqB,EAAcG,CAAM,CAEhI,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BhB,EAAkBsB,EAAMJ,CAAY,EACpFM,EAAO,MAAMtB,EAAQqB,EAAO,YAAY,CAAC,EAC/C,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF,CCjGA,OAAS,uBAAAC,EAAqB,gBAAAC,MAAoB,SAElD,IAAMC,EAAkB,+CAClBC,EAAmB,sCACnBC,EAAsB,mDAW5B,eAAeC,EAAQC
,EAAwC,CAO7D,IAAMC,EAAmB,MANR,MAAM,MAAMH,EAAqB,CAChD,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,KAChB,CACF,CAAC,GACuC,KAAK,EAE7C,MAAO,CACL,GAAIC,EAAK,IACT,KAAMA,EAAK,KACX,MAAOA,EAAK,MACZ,cAAeA,EAAK,eACpB,OAAQA,EAAK,QACb,IAAKA,CACP,CACF,CAEO,SAASC,EAAOC,EAA4C,CACjE,IAAMC,EAAgB,IAAIT,EAAaQ,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASE,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAeA,IAAgBH,EAAO,YAClCC,EAEF,IAAIT,EAAaQ,EAAO,SAAUA,EAAO,aAAcG,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,SACJ,oBAAqB,GAErB,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUN,EAAO,OAAS,CAAC,SAAU,QAAS,SAAS,EAE/E,OADY,MAAMO,EAAO,+BAA+Bd,EAAiBW,EAAOb,EAAoB,KAAMc,EAAcG,CAAM,CAEhI,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BT,EAAkBe,EAAMJ,CAAY,EACpFM,EAAO,MAAMf,EAAQc,EAAO,YAAY,CAAC,EAC/C,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF,CC9DA,OAAS,uBAAAC,EAAqB,gBAAAC,MAAoB,SAGlD,IAAMC,EAA0B,sCAG1BC,EAA2B,mDAcjC,SAASC,EAAiBC,EAAyB,CACjD,IAAMC,EAASD,EAAI,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EACjDE,GAAa,EAAKD,EAAO,OAAS,GAAM,EACxCE,EAASF,EAAO,OAAOA,EAAO,OAASC,EAAW,GAAG,EACrDE,EAAgB,KAAKD,CAAM,EAC3BE,EAAMD,EAAc,OACpBE,EAAQ,IAAI,WAAWD,CAAG,EAChC,QAAS,EAAI,EAAG,EAAIA,EAAK,IACvBC,EAAM,CAAC,EAAIF,EAAc,WAAW,CAAC,EAEvC,OAAOE,CACT,CAEA,eAAeC,EAAQC,EAAqBC,EAA2C,CAMrF,IAAMC,EAA0B,MALX,MAAM,MAAMb,EAAyB,CACxD,QAAS,CACP,cAAe,UAAUW,CAAW,EACtC,CACF,CAAC,GACkD,KAAK,EAEpDG,EAAuBD,EAAS,MAAQA,EAAS,kBACjDE,EAAgB,GACpB,GAAIH,EACF,GAAI,CACF,IAAMI,EAAQJ,EAAQ,MAAM,GAAG,EACzBK,EAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAOf,EAAiBc,EAAM,CAAC,CAAE,CAAC,CAAC,EAC1EE,EAAmB,uCAGzB,GAAID,EAAQ,uBAAwB,CAClC,IAAME,EAAe,MAAM,QAAQF,EAAQ,sBAAsB,EAC7DA,EAAQ,uBAAuB,CAAC,EAChCA,EAAQ,uBAER,OAAOE,GAAiB,WAC1BL,EAAQK,EACRJ,EAAgB,GAEpB,MAESE,EAAQ,MAAQC,GAKhBD,EAAQ,WAAa,MAC5BH,EAAQG,EAAQ,OAASH,EACzBC,EAAgB,GAEpB,MACM,CACN,CAGF,IAAMK,EAAgB,MAAM,MAAMnB,EAA0B,CAC1D,QAAS,CACP,cAAe,UAAUU,CAAW,EACtC,CACF,CAAC,EAEGU,EAAwB,KAC5B,GAAID,EAAc,GAChB,GAAI,CACF,IAAME,EAAO,MAAMF,EAAc,KAAK,EAChCG,EAAS,IAAI,WAMnBF,EAAS,MALc,IAAI,QAAg
B,CAACG,EAASC,IAAW,CAC9DF,EAAO,UAAY,IAAMC,EAAQD,EAAO,MAAgB,EACxDA,EAAO,QAAUE,EACjBF,EAAO,cAAcD,CAAI,CAC3B,CAAC,CAEH,MACM,CACN,CAGF,MAAO,CACL,GAAIT,EAAS,GACb,KAAMA,EAAS,YACf,MAAAC,EACA,cAAAC,EACA,OAAAM,EACA,IAAKR,CACP,CACF,CAEO,SAASa,EAAiBC,EAA+C,CAC9E,IAAMC,EAASD,EAAO,QAAU,SAE1BE,EAAU,qCAAqCD,CAAM,yBACrDE,EAAW,qCAAqCF,CAAM,qBAEtDG,EAAgB,IAAIhC,EAAa4B,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASK,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAeA,IAAgBN,EAAO,YAClCI,EAEF,IAAIhC,EAAa4B,EAAO,SAAUA,EAAO,aAAcM,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,qBACJ,oBAAqB,GAErB,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUT,EAAO,OAAS,CAAC,SAAU,UAAW,QAAS,WAAW,EAE5F,OADY,MAAMU,EAAO,+BAA+BR,EAASK,EAAOpC,EAAoB,KAAMqC,EAAcG,CAAM,CAExH,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BH,EAAUS,EAAMJ,CAAY,EAC5EM,EAAO,MAAM/B,EAAQ8B,EAAO,YAAY,EAAGA,EAAO,QAAQ,CAAC,EACjE,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF","names":["CodeChallengeMethod","OAuth2Client","GITHUB_AUTH_URL","GITHUB_TOKEN_URL","GITHUB_API_URL","getUser","accessToken","data","email","emailVerified","emailsResponse","emails","primaryEmail","e","verifiedEmail","GitHub","config","defaultClient","getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user","CodeChallengeMethod","OAuth2Client","GOOGLE_AUTH_URL","GOOGLE_TOKEN_URL","GOOGLE_USERINFO_URL","getUser","accessToken","data","Google","config","defaultClient","getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user","CodeChallengeMethod","OAuth2Client","MICROSOFT_USER_INFO_URL","MICROSOFT_USER_PHOTO_URL","base64url_decode","str","base64","padLength","padded","binary_string","len","bytes","getUser","accessToken","idToken","userData","email","emailVerified","parts","payload","personalTenantId","primaryEmail","photoResponse","avatar","blob","reader","resolve","reject","MicrosoftEntraId","config","tenant","authURL","tokenURL","defaultClient","
getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user"]}
1
+ {"version":3,"sources":["../../oauth/providers/github.ts","../../oauth/providers/google.ts","../../oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? 
data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || (config.redirectUri && redirectUri === config.redirectUri))\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\r\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\r\n\r\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\r\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\r\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\r\n\r\ninterface GoogleUser {\r\n sub: string\r\n name: string\r\n email: string | null\r\n email_verified: boolean\r\n picture: string | null\r\n [key: string]: unknown\r\n}\r\n\r\nasync function getUser(accessToken: string): Promise<AuthUser> {\r\n const response = await fetch(GOOGLE_USERINFO_URL, {\r\n headers: {\r\n 'Authorization': `Bearer ${accessToken}`,\r\n 
'User-Agent': 'gau',\r\n },\r\n })\r\n const data: GoogleUser = await response.json()\r\n\r\n return {\r\n id: data.sub,\r\n name: data.name,\r\n email: data.email,\r\n emailVerified: data.email_verified,\r\n avatar: data.picture,\r\n raw: data,\r\n }\r\n}\r\n\r\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\r\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\r\n\r\n function getClient(redirectUri?: string): OAuth2Client {\r\n if (!redirectUri || redirectUri === config.redirectUri)\r\n return defaultClient\r\n\r\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\r\n }\r\n\r\n return {\r\n id: 'google',\r\n requiresRedirectUri: true,\r\n\r\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\r\n const client = getClient(options?.redirectUri)\r\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\r\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\r\n return url\r\n },\r\n\r\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\r\n const client = getClient(redirectUri)\r\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\r\n const user = await getUser(tokens.accessToken())\r\n return { tokens, user }\r\n },\r\n }\r\n}\r\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\ninterface MicrosoftConfig 
extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | string\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? 
email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft'> {\n const tenant = config.tenant ?? 'common'\n\n const authURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`\n const tokenURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`\n\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft',\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? 
['openid', 'profile', 'email', 'User.Read']\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n }\n}\n"],"mappings":"AACA,OAAS,uBAAAA,EAAqB,gBAAAC,MAAoB,SAElD,IAAMC,EAAkB,2CAClBC,EAAmB,8CACnBC,EAAiB,yBAkBvB,eAAeC,EAAQC,EAAwC,CAQ7D,IAAMC,EAAmB,MAPR,MAAM,MAAM,GAAGH,CAAc,QAAS,CACrD,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,MACd,OAAU,6BACZ,CACF,CAAC,GACuC,KAAK,EAEzCE,EAAuBD,EAAK,MAC5BE,EAAgB,GAEdC,EAAiB,MAAM,MAAM,GAAGN,CAAc,eAAgB,CAClE,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,MACd,OAAU,6BACZ,CACF,CAAC,EAED,GAAII,EAAe,GAAI,CACrB,IAAMC,EAAwB,MAAMD,EAAe,KAAK,EAClDE,EAAeD,EAAO,KAAKE,GAAKA,EAAE,SAAWA,EAAE,QAAQ,EAC7D,GAAID,EACFJ,EAAQI,EAAa,MACrBH,EAAgB,OAEb,CAEH,IAAMK,EAAgBH,EAAO,KAAKE,GAAKA,EAAE,QAAQ,EAC7CC,IACFN,EAAQM,EAAc,MACtBL,EAAgB,GAEpB,CACF,CAEA,MAAO,CACL,GAAIF,EAAK,GAAG,SAAS,EACrB,KAAMA,EAAK,MAAQA,EAAK,MACxB,MAAAC,EACA,cAAAC,EACA,OAAQF,EAAK,WACb,IAAKA,CACP,CACF,CAEO,SAASQ,EAAOC,EAAsD,CAC3E,IAAMC,EAAgB,IAAIhB,EAAae,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASE,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAgBH,EAAO,aAAeG,IAAgBH,EAAO,YACzDC,EAEF,IAAIhB,EAAae,EAAO,SAAUA,EAAO,aAAcG,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,SAEJ,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUN,EAAO,OAAS,CAAC,YAAY,EAE/D,OADY,MAAMO,EAAO,+BAA+BrB,EAAiBkB,EAAOpB,EAAoB,KAAMqB,EAAcG,CAAM,CAEhI,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BhB,EAAkBsB,EAAMJ,CAAY,EACpFM,EAAO,MAAMtB,EAAQqB,EAAO,YAAY,CAAC,EAC/C,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF,CCjGA,OAAS,uBAAAC,EAAqB,gBAAAC,MAAoB,SAElD,IAAMC,EAAkB,+CAClBC,EAAmB,sCACnBC,EAAsB,mDAW5B,eAAeC,EAAQC
,EAAwC,CAO7D,IAAMC,EAAmB,MANR,MAAM,MAAMH,EAAqB,CAChD,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,KAChB,CACF,CAAC,GACuC,KAAK,EAE7C,MAAO,CACL,GAAIC,EAAK,IACT,KAAMA,EAAK,KACX,MAAOA,EAAK,MACZ,cAAeA,EAAK,eACpB,OAAQA,EAAK,QACb,IAAKA,CACP,CACF,CAEO,SAASC,EAAOC,EAAsD,CAC3E,IAAMC,EAAgB,IAAIT,EAAaQ,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASE,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAeA,IAAgBH,EAAO,YAClCC,EAEF,IAAIT,EAAaQ,EAAO,SAAUA,EAAO,aAAcG,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,SACJ,oBAAqB,GAErB,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUN,EAAO,OAAS,CAAC,SAAU,QAAS,SAAS,EAE/E,OADY,MAAMO,EAAO,+BAA+Bd,EAAiBW,EAAOb,EAAoB,KAAMc,EAAcG,CAAM,CAEhI,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BT,EAAkBe,EAAMJ,CAAY,EACpFM,EAAO,MAAMf,EAAQc,EAAO,YAAY,CAAC,EAC/C,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF,CC9DA,OAAS,uBAAAC,EAAqB,gBAAAC,MAAoB,SAGlD,IAAMC,EAA0B,sCAG1BC,EAA2B,mDAcjC,SAASC,EAAiBC,EAAyB,CACjD,IAAMC,EAASD,EAAI,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EACjDE,GAAa,EAAKD,EAAO,OAAS,GAAM,EACxCE,EAASF,EAAO,OAAOA,EAAO,OAASC,EAAW,GAAG,EACrDE,EAAgB,KAAKD,CAAM,EAC3BE,EAAMD,EAAc,OACpBE,EAAQ,IAAI,WAAWD,CAAG,EAChC,QAAS,EAAI,EAAG,EAAIA,EAAK,IACvBC,EAAM,CAAC,EAAIF,EAAc,WAAW,CAAC,EAEvC,OAAOE,CACT,CAEA,eAAeC,EAAQC,EAAqBC,EAA2C,CAMrF,IAAMC,EAA0B,MALX,MAAM,MAAMb,EAAyB,CACxD,QAAS,CACP,cAAe,UAAUW,CAAW,EACtC,CACF,CAAC,GACkD,KAAK,EAEpDG,EAAuBD,EAAS,MAAQA,EAAS,kBACjDE,EAAgB,GACpB,GAAIH,EACF,GAAI,CACF,IAAMI,EAAQJ,EAAQ,MAAM,GAAG,EACzBK,EAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAOf,EAAiBc,EAAM,CAAC,CAAE,CAAC,CAAC,EAC1EE,EAAmB,uCAGzB,GAAID,EAAQ,uBAAwB,CAClC,IAAME,EAAe,MAAM,QAAQF,EAAQ,sBAAsB,EAC7DA,EAAQ,uBAAuB,CAAC,EAChCA,EAAQ,uBAER,OAAOE,GAAiB,WAC1BL,EAAQK,EACRJ,EAAgB,GAEpB,MAESE,EAAQ,MAAQC,GAKhBD,EAAQ,WAAa,MAC5BH,EAAQG,EAAQ,OAASH,EACzBC,EAAgB,GAEpB,MACM,CACN,CAGF,IAAMK,EAAgB,MAAM,MAAMnB,EAA0B,CAC1D,QAAS,CACP,cAAe,UAAUU,CAAW,EACtC,CACF,CAAC,EAEGU,EAAwB,KAC5B,GAAID,EAAc,GAChB,GAAI,CACF,IAAME,EAAO,MAAMF,EAAc,KAAK,EAChCG,EAAS,IAAI,WAMnBF,EAAS,MALc,IAAI,QAAg
B,CAACG,EAASC,IAAW,CAC9DF,EAAO,UAAY,IAAMC,EAAQD,EAAO,MAAgB,EACxDA,EAAO,QAAUE,EACjBF,EAAO,cAAcD,CAAI,CAC3B,CAAC,CAEH,MACM,CACN,CAGF,MAAO,CACL,GAAIT,EAAS,GACb,KAAMA,EAAS,YACf,MAAAC,EACA,cAAAC,EACA,OAAAM,EACA,IAAKR,CACP,CACF,CAEO,SAASa,EAAUC,EAAqD,CAC7E,IAAMC,EAASD,EAAO,QAAU,SAE1BE,EAAU,qCAAqCD,CAAM,yBACrDE,EAAW,qCAAqCF,CAAM,qBAEtDG,EAAgB,IAAIhC,EAAa4B,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASK,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAeA,IAAgBN,EAAO,YAClCI,EAEF,IAAIhC,EAAa4B,EAAO,SAAUA,EAAO,aAAcM,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,YACJ,oBAAqB,GAErB,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUT,EAAO,OAAS,CAAC,SAAU,UAAW,QAAS,WAAW,EAE5F,OADY,MAAMU,EAAO,+BAA+BR,EAASK,EAAOpC,EAAoB,KAAMqC,EAAcG,CAAM,CAExH,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BH,EAAUS,EAAMJ,CAAY,EAC5EM,EAAO,MAAM/B,EAAQ8B,EAAO,YAAY,EAAGA,EAAO,QAAQ,CAAC,EACjE,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF","names":["CodeChallengeMethod","OAuth2Client","GITHUB_AUTH_URL","GITHUB_TOKEN_URL","GITHUB_API_URL","getUser","accessToken","data","email","emailVerified","emailsResponse","emails","primaryEmail","e","verifiedEmail","GitHub","config","defaultClient","getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user","CodeChallengeMethod","OAuth2Client","GOOGLE_AUTH_URL","GOOGLE_TOKEN_URL","GOOGLE_USERINFO_URL","getUser","accessToken","data","Google","config","defaultClient","getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user","CodeChallengeMethod","OAuth2Client","MICROSOFT_USER_INFO_URL","MICROSOFT_USER_PHOTO_URL","base64url_decode","str","base64","padLength","padded","binary_string","len","bytes","getUser","accessToken","idToken","userData","email","emailVerified","parts","payload","personalTenantId","primaryEmail","photoResponse","avatar","blob","reader","resolve","reject","Microsoft","config","tenant","authURL","tokenURL","defaultClient","getClient
","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user"]}
@@ -1,3 +1,3 @@
1
1
  import type { OAuthProvider, OAuthProviderConfig } from '../index';
2
- export declare function GitHub(config: OAuthProviderConfig): OAuthProvider;
2
+ export declare function GitHub(config: OAuthProviderConfig): OAuthProvider<'github'>;
3
3
  //# sourceMappingURL=github.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../oauth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAuE5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CA2BjE"}
1
+ {"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../oauth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAuE5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,QAAQ,CAAC,CA2B3E"}
@@ -1,3 +1,3 @@
1
1
  import type { OAuthProvider, OAuthProviderConfig } from '../index';
2
- export declare function Google(config: OAuthProviderConfig): OAuthProvider;
2
+ export declare function Google(config: OAuthProviderConfig): OAuthProvider<'google'>;
3
3
  //# sourceMappingURL=google.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../oauth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAmC5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CA4BjE"}
1
+ {"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../oauth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAmC5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,QAAQ,CAAC,CA4B3E"}
@@ -1,7 +1,7 @@
1
1
  import type { OAuthProvider, OAuthProviderConfig } from '../index';
2
- interface MicrosoftEntraIdConfig extends OAuthProviderConfig {
2
+ interface MicrosoftConfig extends OAuthProviderConfig {
3
3
  tenant?: 'common' | 'organizations' | 'consumers' | string;
4
4
  }
5
- export declare function MicrosoftEntraId(config: MicrosoftEntraIdConfig): OAuthProvider;
5
+ export declare function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft'>;
6
6
  export {};
7
7
  //# sourceMappingURL=microsoft.d.ts.map
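Review bot: The exported `MicrosoftEntraId` function is dropped here in favour of `Microsoft` with no compatibility alias visible in this declaration file, so consumers importing the old name stop compiling after a patch-level bump from 0.2.5 to 0.2.7. The same applies to the `export * from './cloudflare'` line removed from the runtimes index and the `./runtimes/cloudflare` entry removed from the package.json exports map. Unless an alias is kept elsewhere, I would keep the old name for one release, `/** @deprecated Use Microsoft instead. */ export const MicrosoftEntraId = Microsoft`, and call out the removals in the changelog. People upgrading an auth dependency should not have to find a provider or runtime removal by build failure.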
@@ -1 +1 @@
1
- {"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAS5E,UAAU,sBAAuB,SAAQ,mBAAmB;IAC1D,MAAM,CAAC,EAAE,QAAQ,GAAG,eAAe,GAAG,WAAW,GAAG,MAAM,CAAA;CAC3D;AAiGD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,sBAAsB,GAAG,aAAa,CAiC9E"}
1
+ {"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAS5E,UAAU,eAAgB,SAAQ,mBAAmB;IACnD,MAAM,CAAC,EAAE,QAAQ,GAAG,eAAe,GAAG,WAAW,GAAG,MAAM,CAAA;CAC3D;AAiGD,wBAAgB,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,aAAa,CAAC,WAAW,CAAC,CAiC7E"}
@@ -1,4 +1,3 @@
1
1
  export * from './bun';
2
- export * from './cloudflare';
3
2
  export * from './tauri';
4
3
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../runtimes/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAA;AACrB,cAAc,cAAc,CAAA;AAC5B,cAAc,SAAS,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../runtimes/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAA;AACrB,cAAc,SAAS,CAAA"}
@@ -1,2 +1,2 @@
1
- import{a as e,b as f,c as m,d as p,e as t,f as x,g as a}from"../chunk-5A3NMHJO.js";import{a as r}from"../chunk-OMD2JMMI.js";import"../chunk-JXRUYABI.js";import{a as o}from"../chunk-LWBWVQD2.js";export{o as _bunRuntimePlaceholder,a as clearSessionToken,r as cloudflareAuth,x as getSessionToken,p as handleTauriDeepLink,e as isTauri,m as setupTauriListener,f as signInWithTauri,t as storeSessionToken};
1
+ import{a as r,b as e,c as f,d as m,e as p,f as t,g as x}from"../chunk-CF7HIKRL.js";import{a as o}from"../chunk-LWBWVQD2.js";export{o as _bunRuntimePlaceholder,x as clearSessionToken,t as getSessionToken,m as handleTauriDeepLink,r as isTauri,f as setupTauriListener,e as signInWithTauri,p as storeSessionToken};
2
2
  //# sourceMappingURL=index.js.map
@@ -1,5 +1,5 @@
1
1
  export declare const isTauri: boolean;
2
- export declare function signInWithTauri(provider: string, baseUrl: string, scheme?: string): Promise<void>;
2
+ export declare function signInWithTauri(provider: string, baseUrl: string, scheme?: string, redirectOverride?: string): Promise<void>;
3
3
  export declare function setupTauriListener(handler: (url: string) => Promise<void>): void;
4
4
  export declare function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void): void;
5
5
  export declare function storeSessionToken(token: string): void;
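Review bot: The new optional `redirectOverride` parameter on `signInWithTauri` carries no documentation and no stated constraint on which values are acceptable. In the 0.2.5 implementation shown further down this page, the redirect target is sent as the `redirectTo` query parameter and `handleTauriDeepLink` reads the session token from the `token` query parameter of the returning URL, so an override presumably decides where that token is delivered. The 0.2.7 implementation is in chunk-CF7HIKRL.js, which is not visible here, so this is inferred. I would add TSDoc in runtimes/tauri/index.ts, for example `@param redirectOverride Replaces the computed redirectTo; pass only a fixed, app-controlled URL, never a value taken from user input or an incoming link.` It is also worth confirming that the auth handler rejects `redirectTo` values outside the configured trusted origins and schemes.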
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../runtimes/tauri/index.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,SAA6C,CAAA;AAEjE,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAE,MAAc,iBAgB9F;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,QAOzE;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,QAQjH;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,QAQ9C;AAED,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAI/C;AAED,wBAAgB,iBAAiB,SAQhC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../runtimes/tauri/index.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,SAA6C,CAAA;AAEjE,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,MAAc,EACtB,gBAAgB,CAAC,EAAE,MAAM,iBAsB1B;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,QAOzE;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,QAQjH;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,QAQ9C;AAED,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAI/C;AAED,wBAAgB,iBAAiB,SAQhC"}
@@ -1,2 +1,2 @@
1
- import{a,b,c,d,e,f,g}from"../../chunk-5A3NMHJO.js";export{g as clearSessionToken,f as getSessionToken,d as handleTauriDeepLink,a as isTauri,c as setupTauriListener,b as signInWithTauri,e as storeSessionToken};
1
+ import{a,b,c,d,e,f,g}from"../../chunk-CF7HIKRL.js";export{g as clearSessionToken,f as getSessionToken,d as handleTauriDeepLink,a as isTauri,c as setupTauriListener,b as signInWithTauri,e as storeSessionToken};
2
2
  //# sourceMappingURL=index.js.map
@@ -1,6 +1,7 @@
1
1
  import type { CreateAuthOptions } from '../core';
2
+ import type { OAuthProvider } from '../oauth';
2
3
  import { createAuth } from '../core';
3
- type AuthInstance = ReturnType<typeof createAuth>;
4
+ type AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>;
4
5
  /**
5
6
  * Creates GET and POST handlers for SolidStart.
6
7
  *
@@ -13,7 +14,7 @@ type AuthInstance = ReturnType<typeof createAuth>;
13
14
  * export const { GET, POST } = SolidAuth(authOptions)
14
15
  * ```
15
16
  */
16
- export declare function SolidAuth(optionsOrAuth: CreateAuthOptions | AuthInstance): {
17
+ export declare function SolidAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>): {
17
18
  GET: (event: any) => Promise<import("..").ResponseLike>;
18
19
  POST: (event: any) => Promise<import("..").ResponseLike>;
19
20
  OPTIONS: (event: any) => Promise<import("..").ResponseLike>;
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../solidstart/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AAChD,OAAO,EAAE,UAAU,EAAiB,MAAM,SAAS,CAAA;AAEnD,KAAK,YAAY,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAA;AAEjD;;;;;;;;;;;GAWG;AACH,wBAAgB,SAAS,CAAC,aAAa,EAAE,iBAAiB,GAAG,YAAY;;;;EAexE"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../solidstart/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AAChD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAiB,MAAM,SAAS,CAAA;AAEnD,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;GAWG;AACH,wBAAgB,SAAS,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;EAe/I"}
@@ -1,2 +1,2 @@
1
- import{k as n,l as a}from"../chunk-JXRUYABI.js";function u(t){let r="providerMap"in t&&"signJWT"in t?t:n(t),s=a(r),e=c=>s(c.request);return{GET:e,POST:e,OPTIONS:e}}export{u as SolidAuth};
1
+ import{k as r,l as n}from"../chunk-74C45CUF.js";function c(e){let o="providerMap"in e&&"signJWT"in e?e:r(e),s=n(o),t=a=>s(a.request);return{GET:t,POST:t,OPTIONS:t}}export{c as SolidAuth};
2
2
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../../solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions } from '../core'\r\nimport { createAuth, createHandler } from '../core'\r\n\r\ntype AuthInstance = ReturnType<typeof createAuth>\r\n\r\n/**\r\n * Creates GET and POST handlers for SolidStart.\r\n *\r\n * @example\r\n * ```ts\r\n * // src/routes/api/auth/[...auth].ts\r\n * import { SolidAuth } from '@rttnd/gau/solid-start'\r\n * import { authOptions } from '~/server/auth'\r\n *\r\n * export const { GET, POST } = SolidAuth(authOptions)\r\n * ```\r\n */\r\nexport function SolidAuth(optionsOrAuth: CreateAuthOptions | AuthInstance) {\r\n // TODO: Duck-type to check if we have an instance or raw options\r\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\r\n\r\n const auth = isInstance\r\n ? (optionsOrAuth as AuthInstance)\r\n : createAuth(optionsOrAuth as CreateAuthOptions)\r\n\r\n const handler = createHandler(auth)\r\n const solidHandler = (event: any) => handler(event.request)\r\n return {\r\n GET: solidHandler,\r\n POST: solidHandler,\r\n OPTIONS: solidHandler,\r\n }\r\n}\r\n"],"mappings":"gDAiBO,SAASA,EAAUC,EAAiD,CAIzE,IAAMC,EAFa,gBAAiBD,GAAiB,YAAaA,EAG7DA,EACDE,EAAWF,CAAkC,EAE3CG,EAAUC,EAAcH,CAAI,EAC5BI,EAAgBC,GAAeH,EAAQG,EAAM,OAAO,EAC1D,MAAO,CACL,IAAKD,EACL,KAAMA,EACN,QAASA,CACX,CACF","names":["SolidAuth","optionsOrAuth","auth","createAuth","handler","createHandler","solidHandler","event"]}
1
+ {"version":3,"sources":["../../solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions } from '../core'\r\nimport type { OAuthProvider } from '../oauth'\r\nimport { createAuth, createHandler } from '../core'\r\n\r\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\r\n\r\n/**\r\n * Creates GET and POST handlers for SolidStart.\r\n *\r\n * @example\r\n * ```ts\r\n * // src/routes/api/auth/[...auth].ts\r\n * import { SolidAuth } from '@rttnd/gau/solid-start'\r\n * import { authOptions } from '~/server/auth'\r\n *\r\n * export const { GET, POST } = SolidAuth(authOptions)\r\n * ```\r\n */\r\nexport function SolidAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\r\n // TODO: Duck-type to check if we have an instance or raw options\r\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\r\n\r\n const auth = isInstance\r\n ? (optionsOrAuth as AuthInstance<TProviders>)\r\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\r\n\r\n const handler = createHandler(auth)\r\n const solidHandler = (event: any) => handler(event.request)\r\n return {\r\n GET: solidHandler,\r\n POST: solidHandler,\r\n OPTIONS: solidHandler,\r\n }\r\n}\r\n"],"mappings":"gDAkBO,SAASA,EAAyDC,EAAyE,CAIhJ,IAAMC,EAFa,gBAAiBD,GAAiB,YAAaA,EAG7DA,EACDE,EAAWF,CAA8C,EAEvDG,EAAUC,EAAcH,CAAI,EAC5BI,EAAgBC,GAAeH,EAAQG,EAAM,OAAO,EAC1D,MAAO,CACL,IAAKD,EACL,KAAMA,EACN,QAASA,CACX,CACF","names":["SolidAuth","optionsOrAuth","auth","createAuth","handler","createHandler","solidHandler","event"]}
@@ -1,7 +1,8 @@
1
1
  import type { Handle, RequestEvent } from '@sveltejs/kit';
2
2
  import type { CreateAuthOptions } from '../core';
3
+ import type { OAuthProvider } from '../oauth';
3
4
  import { createAuth } from '../core';
4
- type AuthInstance = ReturnType<typeof createAuth>;
5
+ type AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>;
5
6
  /**
6
7
  * Creates GET and POST handlers for SvelteKit.
7
8
  *
@@ -14,7 +15,7 @@ type AuthInstance = ReturnType<typeof createAuth>;
14
15
  * export const { GET, POST } = SvelteKitAuth(auth)
15
16
  * ```
16
17
  */
17
- export declare function SvelteKitAuth(optionsOrAuth: CreateAuthOptions | AuthInstance): {
18
+ export declare function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>): {
18
19
  GET: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
19
20
  POST: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
20
21
  OPTIONS: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../sveltekit/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAiB,MAAM,SAAS,CAAA;AAC/D,OAAO,EAAE,UAAU,EAAoD,MAAM,SAAS,CAAA;AAEtF,KAAK,YAAY,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAA;AAEjD;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,aAAa,EAAE,iBAAiB,GAAG,YAAY;;;;;EA4C5E"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../sveltekit/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAiB,MAAM,SAAS,CAAA;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAoD,MAAM,SAAS,CAAA;AAEtF,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;;EA4CnJ"}
@@ -1,2 +1,2 @@
1
- import{b as o,e as i,k as u,l as c}from"../chunk-JXRUYABI.js";function f(t){let r="providerMap"in t&&"signJWT"in t?t:u(t),l=c(r),n=e=>l(e.request);return{GET:n,POST:n,OPTIONS:n,handle:async({event:e,resolve:h})=>(e.locals.getSession=async()=>{let s=o(e.request.headers.get("Cookie")).get(i);if(!s){let a=e.request.headers.get("Authorization");a?.startsWith("Bearer ")&&(s=a.substring(7))}if(!s)return null;try{return await r.validateSession(s)}catch{return null}},h(e))}}export{f as SvelteKitAuth};
1
+ import{b as i,e as a,k as u,l as d}from"../chunk-74C45CUF.js";function T(t){let n="providerMap"in t&&"signJWT"in t?t:u(t),c=d(n),r=e=>c(e.request);return{GET:r,POST:r,OPTIONS:r,handle:async({event:e,resolve:h})=>(e.locals.getSession=async()=>{let s=i(e.request.headers.get("Cookie")).get(a);if(!s){let o=e.request.headers.get("Authorization");o?.startsWith("Bearer ")&&(s=o.substring(7))}if(!s)return null;try{return await n.validateSession(s)}catch{return null}},h(e))}}export{T as SvelteKitAuth};
2
2
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../../sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\r\nimport type { CreateAuthOptions, Session, User } from '../core'\r\nimport { createAuth, createHandler, parseCookies, SESSION_COOKIE_NAME } from '../core'\r\n\r\ntype AuthInstance = ReturnType<typeof createAuth>\r\n\r\n/**\r\n * Creates GET and POST handlers for SvelteKit.\r\n *\r\n * @example\r\n * ```ts\r\n * // src/routes/api/auth/[...gau]/+server.ts\r\n * import { SvelteKitAuth } from '@rttnd/gau/sveltekit'\r\n * import { auth } from '$lib/server/auth'\r\n *\r\n * export const { GET, POST } = SvelteKitAuth(auth)\r\n * ```\r\n */\r\nexport function SvelteKitAuth(optionsOrAuth: CreateAuthOptions | AuthInstance) {\r\n // TODO: Duck-type to check if we have an instance or raw options\r\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\r\n\r\n const auth = isInstance\r\n ? (optionsOrAuth as AuthInstance)\r\n : createAuth(optionsOrAuth as CreateAuthOptions)\r\n\r\n const handler = createHandler(auth)\r\n const sveltekitHandler = (event: RequestEvent) => handler(event.request)\r\n\r\n const handle: Handle = async ({ event, resolve }) => {\r\n (event.locals as any).getSession = async (): Promise<{\r\n user: User\r\n session: Session\r\n } | null> => {\r\n const requestCookies = parseCookies(event.request.headers.get('Cookie'))\r\n let sessionToken = requestCookies.get(SESSION_COOKIE_NAME)\r\n\r\n if (!sessionToken) {\r\n const authHeader = event.request.headers.get('Authorization')\r\n if (authHeader?.startsWith('Bearer '))\r\n sessionToken = authHeader.substring(7)\r\n }\r\n\r\n if (!sessionToken)\r\n return null\r\n\r\n try {\r\n return await auth.validateSession(sessionToken)\r\n }\r\n catch {\r\n return null\r\n }\r\n }\r\n return resolve(event)\r\n }\r\n\r\n return {\r\n GET: sveltekitHandler,\r\n POST: sveltekitHandler,\r\n OPTIONS: sveltekitHandler,\r\n handle,\r\n 
}\r\n}\r\n"],"mappings":"8DAkBO,SAASA,EAAcC,EAAiD,CAI7E,IAAMC,EAFa,gBAAiBD,GAAiB,YAAaA,EAG7DA,EACDE,EAAWF,CAAkC,EAE3CG,EAAUC,EAAcH,CAAI,EAC5BI,EAAoBC,GAAwBH,EAAQG,EAAM,OAAO,EA6BvE,MAAO,CACL,IAAKD,EACL,KAAMA,EACN,QAASA,EACT,OA/BqB,MAAO,CAAE,MAAAC,EAAO,QAAAC,CAAQ,KAC5CD,EAAM,OAAe,WAAa,SAGtB,CAEX,IAAIE,EADmBC,EAAaH,EAAM,QAAQ,QAAQ,IAAI,QAAQ,CAAC,EACrC,IAAII,CAAmB,EAEzD,GAAI,CAACF,EAAc,CACjB,IAAMG,EAAaL,EAAM,QAAQ,QAAQ,IAAI,eAAe,EACxDK,GAAY,WAAW,SAAS,IAClCH,EAAeG,EAAW,UAAU,CAAC,EACzC,CAEA,GAAI,CAACH,EACH,OAAO,KAET,GAAI,CACF,OAAO,MAAMP,EAAK,gBAAgBO,CAAY,CAChD,MACM,CACJ,OAAO,IACT,CACF,EACOD,EAAQD,CAAK,EAQtB,CACF","names":["SvelteKitAuth","optionsOrAuth","auth","createAuth","handler","createHandler","sveltekitHandler","event","resolve","sessionToken","parseCookies","SESSION_COOKIE_NAME","authHeader"]}
1
+ {"version":3,"sources":["../../sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\r\nimport type { CreateAuthOptions, Session, User } from '../core'\r\nimport type { OAuthProvider } from '../oauth'\r\nimport { createAuth, createHandler, parseCookies, SESSION_COOKIE_NAME } from '../core'\r\n\r\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\r\n\r\n/**\r\n * Creates GET and POST handlers for SvelteKit.\r\n *\r\n * @example\r\n * ```ts\r\n * // src/routes/api/auth/[...gau]/+server.ts\r\n * import { SvelteKitAuth } from '@rttnd/gau/sveltekit'\r\n * import { auth } from '$lib/server/auth'\r\n *\r\n * export const { GET, POST } = SvelteKitAuth(auth)\r\n * ```\r\n */\r\nexport function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\r\n // TODO: Duck-type to check if we have an instance or raw options\r\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\r\n\r\n const auth = isInstance\r\n ? 
(optionsOrAuth as AuthInstance<TProviders>)\r\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\r\n\r\n const handler = createHandler(auth)\r\n const sveltekitHandler = (event: RequestEvent) => handler(event.request)\r\n\r\n const handle: Handle = async ({ event, resolve }) => {\r\n (event.locals as any).getSession = async (): Promise<{\r\n user: User\r\n session: Session\r\n } | null> => {\r\n const requestCookies = parseCookies(event.request.headers.get('Cookie'))\r\n let sessionToken = requestCookies.get(SESSION_COOKIE_NAME)\r\n\r\n if (!sessionToken) {\r\n const authHeader = event.request.headers.get('Authorization')\r\n if (authHeader?.startsWith('Bearer '))\r\n sessionToken = authHeader.substring(7)\r\n }\r\n\r\n if (!sessionToken)\r\n return null\r\n\r\n try {\r\n return await auth.validateSession(sessionToken)\r\n }\r\n catch {\r\n return null\r\n }\r\n }\r\n return resolve(event)\r\n }\r\n\r\n return {\r\n GET: sveltekitHandler,\r\n POST: sveltekitHandler,\r\n OPTIONS: sveltekitHandler,\r\n handle,\r\n }\r\n}\r\n"],"mappings":"8DAmBO,SAASA,EAA6DC,EAAyE,CAIpJ,IAAMC,EAFa,gBAAiBD,GAAiB,YAAaA,EAG7DA,EACDE,EAAWF,CAA8C,EAEvDG,EAAUC,EAAcH,CAAI,EAC5BI,EAAoBC,GAAwBH,EAAQG,EAAM,OAAO,EA6BvE,MAAO,CACL,IAAKD,EACL,KAAMA,EACN,QAASA,EACT,OA/BqB,MAAO,CAAE,MAAAC,EAAO,QAAAC,CAAQ,KAC5CD,EAAM,OAAe,WAAa,SAGtB,CAEX,IAAIE,EADmBC,EAAaH,EAAM,QAAQ,QAAQ,IAAI,QAAQ,CAAC,EACrC,IAAII,CAAmB,EAEzD,GAAI,CAACF,EAAc,CACjB,IAAMG,EAAaL,EAAM,QAAQ,QAAQ,IAAI,eAAe,EACxDK,GAAY,WAAW,SAAS,IAClCH,EAAeG,EAAW,UAAU,CAAC,EACzC,CAEA,GAAI,CAACH,EACH,OAAO,KAET,GAAI,CACF,OAAO,MAAMP,EAAK,gBAAgBO,CAAY,CAChD,MACM,CACJ,OAAO,IACT,CACF,EACOD,EAAQD,CAAK,EAQtB,CACF","names":["SvelteKitAuth","optionsOrAuth","auth","createAuth","handler","createHandler","sveltekitHandler","event","resolve","sessionToken","parseCookies","SESSION_COOKIE_NAME","authHeader"]}
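--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@rttnd/gau",
  "type": "module",
- "version": "0.2.5",
+ "version": "0.2.7",
  "packageManager": "bun@1.2.19",
  "description": "gau is a delightful auth library",
  "license": "MIT",
@@ -64,10 +64,6 @@
  "types": "./dist/runtimes/bun/index.d.ts",
  "import": "./dist/runtimes/bun/index.js"
  },
- "./runtimes/cloudflare": {
- "types": "./dist/runtimes/cloudflare/index.d.ts",
- "import": "./dist/runtimes/cloudflare/index.js"
- },
  "./runtimes/tauri": {
  "types": "./dist/runtimes/tauri/index.d.ts",
  "import": "./dist/runtimes/tauri/index.js"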
@@ -1,2 +0,0 @@
1
- import{listen as g}from"@tauri-apps/api/event";import{BROWSER as r}from"esm-env";var c=r&&"__TAURI_INTERNALS__"in window;async function m(t,n,i="gau"){if(!c)return;let{platform:a}=await import("@tauri-apps/plugin-os"),{open:o}=await import("@tauri-apps/plugin-shell"),e=a(),s;e==="android"||e==="ios"?s=new URL(n).origin:s=`${i}://oauth/callback`;let u=`${n}/${t}?redirectTo=${encodeURIComponent(s)}`;await o(u)}function f(t){c&&g("deep-link",async n=>{await t(n.payload)}).catch(console.error)}function k(t,n,i,a){let o=new URL(t);if(o.protocol!==`${i}:`&&o.origin!==new URL(n).origin)return;let e=o.searchParams.get("token");e&&a(e)}function d(t){if(r)try{localStorage.setItem("gau-token",t),document.cookie=`__gau-session-token=${t}; path=/; max-age=31536000; samesite=lax`}catch{}}function T(){return r?localStorage.getItem("gau-token"):null}function h(){if(r)try{localStorage.removeItem("gau-token"),document.cookie="__gau-session-token=; path=/; max-age=0"}catch{}}export{c as a,m as b,f as c,k as d,d as e,T as f,h as g};
2
- //# sourceMappingURL=chunk-5A3NMHJO.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../runtimes/tauri/index.ts"],"sourcesContent":["import { listen } from '@tauri-apps/api/event'\nimport { BROWSER } from 'esm-env'\n\nexport const isTauri = BROWSER && '__TAURI_INTERNALS__' in window\n\nexport async function signInWithTauri(provider: string, baseUrl: string, scheme: string = 'gau') {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform()\n let redirectTo: string\n if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const authUrl = `${baseUrl}/${provider}?redirectTo=${encodeURIComponent(redirectTo)}`\n await open(authUrl)\n}\n\nexport function setupTauriListener(handler: (url: string) => Promise<void>) {\n if (!isTauri)\n return\n\n listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n }).catch(console.error)\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n return\n\n const token = parsed.searchParams.get('token')\n if (token)\n onToken(token)\n}\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch 
{}\n}\n"],"mappings":"AAAA,OAAS,UAAAA,MAAc,wBACvB,OAAS,WAAAC,MAAe,UAEjB,IAAMC,EAAUD,GAAW,wBAAyB,OAE3D,eAAsBE,EAAgBC,EAAkBC,EAAiBC,EAAiB,MAAO,CAC/F,GAAI,CAACJ,EACH,OAEF,GAAM,CAAE,SAAAK,CAAS,EAAI,KAAM,QAAO,uBAAuB,EACnD,CAAE,KAAAC,CAAK,EAAI,KAAM,QAAO,0BAA0B,EAElDC,EAAkBF,EAAS,EAC7BG,EACAD,IAAoB,WAAaA,IAAoB,MACvDC,EAAa,IAAI,IAAIL,CAAO,EAAE,OAE9BK,EAAa,GAAGJ,CAAM,oBAExB,IAAMK,EAAU,GAAGN,CAAO,IAAID,CAAQ,eAAe,mBAAmBM,CAAU,CAAC,GACnF,MAAMF,EAAKG,CAAO,CACpB,CAEO,SAASC,EAAmBC,EAAyC,CACrEX,GAGLF,EAAe,YAAa,MAAOc,GAAU,CAC3C,MAAMD,EAAQC,EAAM,OAAO,CAC7B,CAAC,EAAE,MAAM,QAAQ,KAAK,CACxB,CAEO,SAASC,EAAoBC,EAAaX,EAAiBC,EAAgBW,EAAkC,CAClH,IAAMC,EAAS,IAAI,IAAIF,CAAG,EAC1B,GAAIE,EAAO,WAAa,GAAGZ,CAAM,KAAOY,EAAO,SAAW,IAAI,IAAIb,CAAO,EAAE,OACzE,OAEF,IAAMc,EAAQD,EAAO,aAAa,IAAI,OAAO,EACzCC,GACFF,EAAQE,CAAK,CACjB,CAEO,SAASC,EAAkBD,EAAe,CAC/C,GAAKlB,EAEL,GAAI,CACF,aAAa,QAAQ,YAAakB,CAAK,EACvC,SAAS,OAAS,uBAAuBA,CAAK,0CAChD,MACM,CAAC,CACT,CAEO,SAASE,GAAiC,CAC/C,OAAKpB,EAEE,aAAa,QAAQ,WAAW,EAD9B,IAEX,CAEO,SAASqB,GAAoB,CAClC,GAAKrB,EAEL,GAAI,CACF,aAAa,WAAW,WAAW,EACnC,SAAS,OAAS,yCACpB,MACM,CAAC,CACT","names":["listen","BROWSER","isTauri","signInWithTauri","provider","baseUrl","scheme","platform","open","currentPlatform","redirectTo","authUrl","setupTauriListener","handler","event","handleTauriDeepLink","url","onToken","parsed","token","storeSessionToken","getSessionToken","clearSessionToken"]}
@@ -1,50 +0,0 @@
1
- import{createJWTSignatureMessage as se,encodeJWT as ne,JWSRegisteredHeaders as ie,JWTRegisteredClaims as oe,parseJWT as ae}from"@oslojs/jwt";import{parse as $,serialize as G}from"cookie";var F={path:"/",sameSite:"lax",secure:!0,httpOnly:!0};function P(s){let e=new Map;if(s){let r=$(s);for(let i in r)e.set(i,r[i])}return e}var v=class{constructor(e,r){this.requestCookies=e;this.defaultOptions=r}#e=[];get(e){return this.requestCookies.get(e)}set(e,r,i){let t={...this.defaultOptions,...i};this.#e.push([e,r,t])}delete(e,r){this.set(e,"",{...r,expires:new Date(0),maxAge:0})}toHeaders(){let e=new Headers;for(let[r,i,t]of this.#e)e.append("Set-Cookie",G(r,i,t));return e}},U="__gau-csrf-token",K="__gau-session-token",R="__gau-pkce-code-verifier",L="__gau-callback-uri",M=60*10;function pe({adapter:s,providers:e,basePath:r="/api/auth",jwt:i={},cookies:t={},trustHosts:o=[],autoLink:c="verifiedEmail"}){let{algorithm:l="ES256",secret:n,iss:a,aud:f,ttl:C=3600*24}=i,S={...F,...t},A=new Map(e.map(u=>[u.id,u]));function d(u={}){let w={ttl:u.ttl,iss:u.iss??a,aud:u.aud??f,sub:u.sub};if(l==="HS256")return{algorithm:l,secret:u.secret??n,...w};{let k=u.secret??n;if(k!==void 0&&typeof k!="string")throw new y("For ES256, the secret option must be a string.");return{algorithm:l,privateKey:u.privateKey,secret:k,...w}}}function g(u={}){let w={iss:u.iss??a,aud:u.aud??f};if(l==="HS256")return{algorithm:l,secret:u.secret??n,...w};{let k=u.secret??n;if(k!==void 0&&typeof k!="string")throw new y("For ES256, the secret option must be a string.");return{algorithm:l,publicKey:u.publicKey,secret:k,...w}}}async function h(u,w={}){return J(u,d(w))}async function m(u,w={}){try{return await V(u,g(w))}catch{return null}}async function T(u,w={},k=C){let _={sub:u,...w};return h(_,{ttl:k})}async function I(u){let w=await m(u);if(!w)return null;let k=await s.getUser(w.sub);return 
k?{user:k,session:{id:u,...w}}:null}return{...s,providerMap:A,basePath:r,cookieOptions:S,jwt:{ttl:C},signJWT:h,verifyJWT:m,createSession:T,validateSession:I,trustHosts:o,autoLink:c}}import{generateCodeVerifier as q,generateState as X}from"arctic";function j(){let s=X(),e=q();return{state:s,codeVerifier:e}}async function Y(s,e,r){let i=e.providerMap.get(r);if(!i)return p({error:"Provider not found"},{status:400});let{state:t,codeVerifier:o}=j(),c=new URL(s.url),l=c.searchParams.get("redirectTo"),n=l?`${t}.${btoa(l)}`:t,a=c.searchParams.get("callbackUri");!a&&i.requiresRedirectUri&&(a=`${c.origin}${e.basePath}/${r}/callback`);let f=await i.getAuthorizationUrl(n,o,{redirectUri:a??void 0}),C=P(s.headers.get("Cookie")),S=new v(C,e.cookieOptions);if(S.set(U,t,{maxAge:M,sameSite:"none"}),S.set(R,o,{maxAge:M,sameSite:"none"}),a&&S.set(L,a,{maxAge:M,sameSite:"none"}),c.searchParams.get("redirect")==="false"){let g=p({url:f.toString()});return S.toHeaders().forEach((h,m)=>{g.headers.append(m,h)}),g}let d=N(f.toString());return S.toHeaders().forEach((g,h)=>{d.headers.append(h,g)}),d}async function Z(s,e,r){let i=e.providerMap.get(r);if(!i)return p({error:"Provider not found"},{status:400});let t=new URL(s.url),o=t.searchParams.get("code"),c=t.searchParams.get("state");if(!o||!c)return p({error:"Missing code or state"},{status:400});let l=P(s.headers.get("Cookie")),n=new v(l,e.cookieOptions),a,f="/";if(c.includes(".")){let[O,b]=c.split(".");a=O;try{f=atob(b??"")||"/"}catch{f="/"}}else a=c;let C=n.get(U);if(!C||C!==a)return p({error:"Invalid CSRF token"},{status:403});let S=n.get(R);if(!S)return p({error:"Missing PKCE code verifier"},{status:400});let A=n.get(L),{user:d,tokens:g}=await i.validateCallback(o,S,A??void 0),h=await e.getUserByAccount(r,d.id),m=h;if(!m){let O=e.autoLink??"verifiedEmail";if(d.email&&(O==="always"||O==="verifiedEmail"&&d.emailVerified===!0)){let E=await e.getUserByEmail(d.email);E&&(d.emailVerified&&!E.emailVerified?m=await 
e.updateUser({id:E.id,emailVerified:!0}):m=E)}if(!m)try{m=await e.createUser({name:d.name,email:d.email,image:d.avatar,emailVerified:d.emailVerified})}catch(E){return console.error("Failed to create user:",E),p({error:"Failed to create user"},{status:500})}}if(!h){let O;try{O=g.refreshToken()}catch{O=null}let b;try{let x=g.accessTokenExpiresAt();x&&(b=Math.floor(x.getTime()/1e3))}catch{}let E;try{E=g.idToken()}catch{E=null}try{await e.linkAccount({userId:m.id,provider:r,providerAccountId:d.id,accessToken:g.accessToken(),refreshToken:O,expiresAt:b,tokenType:g.tokenType?.()??null,scope:g.scopes()?.join(" ")??null,idToken:E})}catch(x){return console.error("Error linking account:",x),p({error:"Failed to link account"},{status:500})}}let T=await e.createSession(m.id),I=new URL(s.url),u=new URL(f,s.url),w=u.protocol==="gau:",k=I.host!==u.host;if(w||k){let O=new URL(u);O.searchParams.set("token",T);let b=`<!DOCTYPE html>
2
- <html lang="en">
3
- <head>
4
- <meta charset="utf-8" />
5
- <title>Authentication Complete</title>
6
- <style>
7
- body {
8
- font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
9
- background-color: #09090b;
10
- color: #fafafa;
11
- display: flex;
12
- justify-content: center;
13
- align-items: center;
14
- height: 100vh;
15
- margin: 0;
16
- text-align: center;
17
- }
18
- .card {
19
- background-color: #18181b;
20
- border: 1px solid #27272a;
21
- border-radius: 0.75rem;
22
- padding: 2rem;
23
- max-width: 320px;
24
- }
25
- h1 {
26
- font-size: 1.25rem;
27
- font-weight: 600;
28
- margin: 0 0 0.5rem;
29
- }
30
- p {
31
- margin: 0;
32
- color: #a1a1aa;
33
- }
34
- </style>
35
- <script>
36
- window.onload = function() {
37
- const url = ${JSON.stringify(O.toString())};
38
- window.location.href = url;
39
- setTimeout(window.close, 500);
40
- };
41
- </script>
42
- </head>
43
- <body>
44
- <div class="card">
45
- <h1>Authentication Successful</h1>
46
- <p>You can now close this window.</p>
47
- </div>
48
- </body>
49
- </html>`;n.delete(U),n.delete(R),A&&n.delete(L);let E=new Response(b,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return n.toHeaders().forEach((x,z)=>{E.headers.append(z,x)}),E}n.set(K,T,{maxAge:e.jwt.ttl,sameSite:"none",secure:!0}),n.delete(U),n.delete(R),A&&n.delete(L);let _=t.searchParams.get("redirect"),H;return _==="false"?H=p({user:m}):H=N(f),n.toHeaders().forEach((O,b)=>{H.headers.append(b,O)}),H}async function Q(s,e){let r=s.headers.get("Cookie"),t=P(r).get(K);if(!t){let o=s.headers.get("Authorization");o?.startsWith("Bearer ")&&(t=o.substring(7))}if(!t)return p({user:null,session:null});try{let o=await e.validateSession(t);return o?p(o):p({user:null,session:null},{status:401})}catch(o){return console.error("Error validating session:",o),p({error:"Failed to validate session"},{status:500})}}async function ee(s,e){let r=P(s.headers.get("Cookie")),i=new v(r,e.cookieOptions);i.delete(K,{sameSite:"none",secure:!0});let t=p({message:"Signed out"});return i.toHeaders().forEach((o,c)=>{t.headers.append(c,o)}),t}function Ae(s){let{providerMap:e,basePath:r}=s;function i(t,o){let c=t.headers.get("Origin")||t.headers.get("origin");return c&&(o.headers.set("Access-Control-Allow-Origin",c),o.headers.set("Vary","Origin"),o.headers.set("Access-Control-Allow-Credentials","true"),o.headers.set("Access-Control-Allow-Headers","Content-Type, Authorization, Cookie"),o.headers.set("Access-Control-Allow-Methods","GET, POST, OPTIONS")),o}return async function(t){if(t.method==="OPTIONS"){let f=t.headers.get("Origin")||t.headers.get("origin")||"*";return new Response(null,{status:204,headers:{"Access-Control-Allow-Origin":f,"Access-Control-Allow-Credentials":"true","Access-Control-Allow-Headers":"Content-Type, Authorization, Cookie","Access-Control-Allow-Methods":"GET, POST, OPTIONS"}})}let o=new URL(t.url);if(!o.pathname.startsWith(r))return i(t,p({error:"Not Found"},{status:404}));if(t.method==="POST"&&!te(t,s.trustHosts))return 
i(t,p({error:"Forbidden"},{status:403}));let l=o.pathname.substring(r.length).split("/").filter(Boolean),n=l[0];if(!n)return i(t,p({error:"Not Found"},{status:404}));let a;return t.method==="GET"?e.has(n)?l.length===2&&l[1]==="callback"?a=await Z(t,s,n):l.length===1?a=await Y(t,s,n):a=p({error:"Not Found"},{status:404}):l.length===1&&n==="session"?a=await Q(t,s):a=p({error:"Not Found"},{status:404}):t.method==="POST"?l.length===1&&n==="signout"?a=await ee(t,s):a=p({error:"Not Found"},{status:404}):a=p({error:"Method Not Allowed"},{status:405}),i(t,a)}}function te(s,e){if(e==="all")return!0;let r=s.headers.get("origin");if(!r)return!1;let i;try{i=new URL(r).host}catch{return!1}let t=new URL(s.url),o=t.host,c=`${t.protocol}//${o}`;return r===c?!0:e.includes(i)}var y=class extends Error{cause;constructor(e,r){super(e),this.name="AuthError",this.cause=r}};function p(s,e={}){let r=new Headers(e.headers);return r.has("Content-Type")||r.set("Content-Type","application/json; charset=utf-8"),new Response(JSON.stringify(s),{...e,headers:r})}function N(s,e=302){return new Response(null,{status:e,headers:{Location:s}})}function W(s,e){let r=s.length^e.length,i=Math.max(s.length,e.length);for(let t=0;t<i;t++)r|=(s[t]??0)^(e[t]??0);return r===0}function re(s){let e=s.replace(/-/g,"+").replace(/_/g,"/"),r=(4-e.length%4)%4,i=e.padEnd(e.length+r,"="),t=atob(i),o=t.length,c=new Uint8Array(o);for(let l=0;l<o;l++)c[l]=t.charCodeAt(l);return c}async function B(s){try{let e=re(s),r=await crypto.subtle.importKey("pkcs8",e.slice(),{name:"ECDSA",namedCurve:"P-256"},!0,["sign"]),i=await crypto.subtle.exportKey("jwk",r);delete i.d,i.key_ops=["verify"];let t=await crypto.subtle.importKey("jwk",i,{name:"ECDSA",namedCurve:"P-256"},!0,["verify"]);return{privateKey:r,publicKey:t}}catch(e){throw new y("Invalid secret. Must be a base64url-encoded PKCS#8 private key for ES256. 
Use `bunx gau secret` to generate one.",e)}}function D(s){if(s.length!==64)throw new Error("Invalid raw signature length");let e=s.slice(0,32),r=s.slice(32),i=0;for(;i<e.length-1&&e[i]===0;)i++;e=e.slice(i);let t=0;for(;t<r.length-1&&r[t]===0;)t++;if(r=r.slice(t),e.length>0&&e[0]&128){let a=new Uint8Array(e.length+1);a[0]=0,a.set(e,1),e=a}if(r.length>0&&r[0]&128){let a=new Uint8Array(r.length+1);a[0]=0,a.set(r,1),r=a}let o=e.length,c=r.length,l=2+o+2+c,n=new Uint8Array(2+l);return n[0]=48,n[1]=l,n[2]=2,n[3]=o,n.set(e,4),n[4+o]=2,n[5+o]=c,n.set(r,6+o),n}async function J(s,e={}){let{algorithm:r="ES256",ttl:i,iss:t,aud:o,sub:c,privateKey:l,secret:n}=e;if(r==="ES256"){if(!l){if(typeof n!="string")throw new y("Missing secret for ES256 signing. It must be a base64url-encoded string.");({privateKey:l}=await B(n))}}else if(r==="HS256"&&!n)throw new y("Missing secret for HS256 signing");let a=Math.floor(Date.now()/1e3),f={iat:a,iss:t,aud:o,sub:c,...s};i!=null&&i>0&&(f.exp=a+i);let C=r==="HS256",A=JSON.stringify({alg:C?"HS256":"ES256",typ:"JWT"}),d=JSON.stringify(f),g=se(A,d),h;if(C){let m=typeof n=="string"?new TextEncoder().encode(n):n,T=await crypto.subtle.importKey("raw",m,{name:"HMAC",hash:"SHA-256"},!1,["sign"]);h=new Uint8Array(await crypto.subtle.sign("HMAC",T,g))}else h=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},l,g));return ne(A,d,h)}async function V(s,e){let{algorithm:r="ES256",publicKey:i,secret:t,iss:o,aud:c}=e;if(r==="ES256"&&!i){if(typeof t!="string")throw new y("Missing secret for ES256 verification. 
Must be a base64url-encoded string.");({publicKey:i}=await B(t))}if(r==="HS256"&&!t)throw new y("Missing secret for HS256 verification");let[l,n,a,f]=ae(s),S=new ie(l).algorithm(),A=!1;if(r==="HS256"){if(S!=="HS256")throw new Error(`JWT algorithm is "${S}", but verifier was configured for "HS256"`);let g=typeof t=="string"?new TextEncoder().encode(t):t,h=await crypto.subtle.importKey("raw",g,{name:"HMAC",hash:"SHA-256"},!1,["sign"]),m=new Uint8Array(await crypto.subtle.sign("HMAC",h,f));A=W(m,new Uint8Array(a))}else{if(S!=="ES256")throw new y(`JWT algorithm is "${S}", but verifier was configured for "ES256"`);let g=new Uint8Array(a);if(A=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,g,f),!A){let h=D(g);A=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,h,f)}}if(!A)throw new y("Invalid JWT signature");let d=new oe(n);if(d.hasExpiration()&&!d.verifyExpiration())throw new y("JWT expired");if(d.hasNotBefore()&&!d.verifyNotBefore())throw new y("JWT not yet valid");if(o&&n.iss!==o)throw new y("Invalid JWT issuer");if(c){let g=Array.isArray(c)?c:[c],h=n.aud?Array.isArray(n.aud)?n.aud:[n.aud]:[];if(!g.some(m=>h.includes(m)))throw new y("Invalid JWT audience")}return n}export{F as a,P as b,v as c,U as d,K as e,R as f,L as g,M as h,J as i,V as j,pe as k,Ae as l,y as m,p as n,N as o};
50
- //# sourceMappingURL=chunk-JXRUYABI.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../jwt/jwt.ts","../core/cookies.ts","../core/createAuth.ts","../oauth/utils.ts","../core/handler.ts","../core/index.ts","../jwt/utils.ts"],"sourcesContent":["/// <reference types=\"node\" />\nimport {\n createJWTSignatureMessage,\n encodeJWT,\n JWSRegisteredHeaders,\n JWTRegisteredClaims,\n parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n /** Time-to-live in seconds (exp claim). If omitted the token will not expire. */\n ttl?: number\n}\n\nexport type SignOptions\n = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n if (algorithm === 'ES256') {\n if (!privateKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n ({ privateKey } = await deriveKeysFromSecret(secret))\n }\n }\n else if (algorithm === 'HS256' && !secret) {\n throw new AuthError('Missing secret for HS256 signing')\n }\n\n const now = Math.floor(Date.now() / 1000)\n\n const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n if (ttl != null && ttl > 0)\n jwtPayload.exp = now + ttl\n\n const isHS256 = algorithm === 'HS256'\n const alg: SupportedAlgorithm = isHS256 ? 
'HS256' : 'ES256'\n\n const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n const payloadJSON = JSON.stringify(jwtPayload)\n\n const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n let signature: Uint8Array\n\n if (isHS256) {\n // HS256 (HMAC-SHA256)\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n }\n else {\n // ES256 (ECDSA-SHA256)\n // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n signature = new Uint8Array(\n await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey!,\n signatureMessage as BufferSource,\n ),\n )\n }\n\n return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n if (algorithm === 'ES256') {\n if (!publicKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 verification. 
Must be a base64url-encoded string.');\n\n ({ publicKey } = await deriveKeysFromSecret(secret))\n }\n }\n\n if (algorithm === 'HS256' && !secret)\n throw new AuthError('Missing secret for HS256 verification')\n\n const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n const headerParams = new JWSRegisteredHeaders(header)\n const headerAlg = headerParams.algorithm()\n\n let validSignature = false\n\n // HS256 verification path\n if (algorithm === 'HS256') {\n if (headerAlg !== 'HS256')\n throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n }\n // ES256 verification path (default)\n else {\n if (headerAlg !== 'ES256')\n throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n const rawSignature = new Uint8Array(signature)\n\n // Try verification with raw signature first (some runtimes accept it directly)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n rawSignature as BufferSource,\n signatureMessage as BufferSource,\n )\n\n if (!validSignature) {\n // Fall back to DER-encoded signature if raw form was rejected\n const derSig = rawToDer(rawSignature)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n derSig as BufferSource,\n signatureMessage as BufferSource,\n )\n }\n }\n\n if (!validSignature)\n throw new AuthError('Invalid JWT signature')\n\n const claims = new JWTRegisteredClaims(payload)\n if 
(claims.hasExpiration() && !claims.verifyExpiration())\n throw new AuthError('JWT expired')\n if (claims.hasNotBefore() && !claims.verifyNotBefore())\n throw new AuthError('JWT not yet valid')\n if (iss && (payload as any).iss !== iss)\n throw new AuthError('Invalid JWT issuer')\n\n if (aud) {\n const expectedAudience = Array.isArray(aud) ? aud : [aud]\n const tokenAudience = (payload as any).aud\n ? (Array.isArray((payload as any).aud) ? (payload as any).aud : [(payload as any).aud])\n : []\n\n if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n throw new AuthError('Invalid JWT audience')\n }\n\n return payload as T\n}\n","import type { SerializeOptions } from 'cookie'\r\nimport { parse, serialize } from 'cookie'\r\n\r\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = {\r\n path: '/',\r\n sameSite: 'lax',\r\n secure: true,\r\n httpOnly: true,\r\n}\r\n\r\nexport type Cookie = [string, string, SerializeOptions]\r\n\r\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\r\n const cookies = new Map<string, string>()\r\n if (cookieHeader) {\r\n const parsed = parse(cookieHeader)\r\n for (const name in parsed)\r\n cookies.set(name, parsed[name]!)\r\n }\r\n return cookies\r\n}\r\n\r\nexport class Cookies {\r\n #new: Cookie[] = []\r\n\r\n constructor(\r\n private readonly requestCookies: Map<string, string>,\r\n private readonly defaultOptions: SerializeOptions,\r\n ) {}\r\n\r\n get(name: string): string | undefined {\r\n return this.requestCookies.get(name)\r\n }\r\n\r\n set(name: string, value: string, options?: SerializeOptions): void {\r\n const combinedOptions = { ...this.defaultOptions, ...options }\r\n this.#new.push([name, value, combinedOptions])\r\n }\r\n\r\n delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\r\n this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\r\n }\r\n\r\n toHeaders(): Headers {\r\n const headers = new 
Headers()\r\n for (const [name, value, options] of this.#new)\r\n headers.append('Set-Cookie', serialize(name, value, options))\r\n\r\n return headers\r\n }\r\n}\r\n\r\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\r\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\r\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\r\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\r\n\r\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\r\n","import type { SerializeOptions } from 'cookie'\nimport type { SignOptions, VerifyOptions } from '../jwt'\nimport type { OAuthProvider } from '../oauth'\nimport type { Adapter, Session, User } from './index'\nimport { sign, verify } from '../jwt'\nimport { DEFAULT_COOKIE_SERIALIZE_OPTIONS } from './cookies'\nimport { AuthError } from './index'\n\nexport interface CreateAuthOptions {\n /** The database adapter to use for storing users and accounts. */\n adapter: Adapter\n /** Array of OAuth providers to support. */\n providers: OAuthProvider[]\n /** Base path for authentication routes (defaults to '/api/auth'). */\n basePath?: string\n /** Configuration for JWT signing and verification. */\n jwt?: {\n /** Signing algorithm: 'ES256' (default) or 'HS256'. */\n algorithm?: 'ES256' | 'HS256'\n /** Secret for HS256 or base64url-encoded private key for ES256 (overrides AUTH_SECRET). */\n secret?: string\n /** Issuer claim (iss) for JWTs. */\n iss?: string\n /** Audience claim (aud) for JWTs. */\n aud?: string\n /** Default time-to-live in seconds for JWTs (defaults to 1 day). */\n ttl?: number\n }\n /** Custom options for session cookies. */\n cookies?: Partial<SerializeOptions>\n /** Trusted hosts for CSRF protection: 'all' or array of hostnames (defaults to []). */\n trustHosts?: 'all' | string[]\n /** Account linking behavior: 'verifiedEmail' (default), 'always', or false. 
*/\n autoLink?: 'verifiedEmail' | 'always' | false\n}\n\nexport type Auth = Adapter & {\n providerMap: Map<string, OAuthProvider>\n basePath: string\n cookieOptions: SerializeOptions\n jwt: {\n ttl: number\n }\n signJWT: <T extends Record<string, unknown>>(payload: T, customOptions?: Partial<SignOptions>) => Promise<string>\n verifyJWT: <T = Record<string, unknown>>(token: string, customOptions?: Partial<VerifyOptions>) => Promise<T | null>\n createSession: (userId: string, data?: Record<string, unknown>, ttl?: number) => Promise<string>\n validateSession: (token: string) => Promise<{\n user: User\n session: Session\n } | null>\n trustHosts: 'all' | string[]\n autoLink: 'verifiedEmail' | 'always' | false\n}\n\nexport function createAuth({\n adapter,\n providers,\n basePath = '/api/auth',\n jwt: jwtConfig = {},\n cookies: cookieConfig = {},\n trustHosts = [],\n autoLink = 'verifiedEmail',\n}: CreateAuthOptions): Auth {\n const { algorithm = 'ES256', secret, iss, aud, ttl: defaultTTL = 3600 * 24 } = jwtConfig\n const cookieOptions = { ...DEFAULT_COOKIE_SERIALIZE_OPTIONS, ...cookieConfig }\n\n const providerMap = new Map(providers.map(p => [p.id, p]))\n\n function buildSignOptions(custom: Partial<SignOptions> = {}): SignOptions {\n const base = { ttl: custom.ttl, iss: custom.iss ?? iss, aud: custom.aud ?? aud, sub: custom.sub }\n if (algorithm === 'HS256') {\n return { algorithm, secret: custom.secret ?? secret, ...base }\n }\n else {\n const esSecret = custom.secret ?? secret\n if (esSecret !== undefined && typeof esSecret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n return { algorithm, privateKey: custom.privateKey, secret: esSecret, ...base }\n }\n }\n\n function buildVerifyOptions(custom: Partial<VerifyOptions> = {}): VerifyOptions {\n const base = { iss: custom.iss ?? iss, aud: custom.aud ?? aud }\n if (algorithm === 'HS256') {\n return { algorithm, secret: custom.secret ?? 
secret, ...base }\n }\n else {\n const esSecret = custom.secret ?? secret\n if (esSecret !== undefined && typeof esSecret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n return { algorithm, publicKey: custom.publicKey, secret: esSecret, ...base }\n }\n }\n\n async function signJWT<T extends Record<string, unknown>>(payload: T, customOptions: Partial<SignOptions> = {}): Promise<string> {\n return sign(payload, buildSignOptions(customOptions))\n }\n\n async function verifyJWT<T = Record<string, unknown>>(token: string, customOptions: Partial<VerifyOptions> = {}): Promise<T | null> {\n try {\n return await verify<T>(token, buildVerifyOptions(customOptions))\n }\n catch {\n return null\n }\n }\n\n async function createSession(userId: string, data: Record<string, unknown> = {}, ttl = defaultTTL): Promise<string> {\n const payload = { sub: userId, ...data }\n return signJWT(payload, { ttl })\n }\n\n async function validateSession(token: string): Promise<{ user: User, session: Session } | null> {\n const payload = await verifyJWT<{ sub: string } & Record<string, unknown>>(token)\n if (!payload)\n return null\n const user = await adapter.getUser(payload.sub)\n if (!user)\n return null\n return { user, session: { id: token, ...payload } }\n }\n\n return {\n ...adapter,\n providerMap,\n basePath,\n cookieOptions,\n jwt: {\n ttl: defaultTTL,\n },\n signJWT,\n verifyJWT,\n createSession,\n validateSession,\n trustHosts,\n autoLink,\n }\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\r\n\r\nexport function createOAuthUris() {\r\n const state = generateState()\r\n const codeVerifier = generateCodeVerifier()\r\n\r\n return {\r\n state,\r\n codeVerifier,\r\n }\r\n}\r\n","import type { Auth } from './createAuth'\nimport type { RequestLike, ResponseLike } from './index'\nimport { createOAuthUris } from '../oauth/utils'\nimport {\n CALLBACK_URI_COOKIE_NAME,\n Cookies,\n CSRF_COOKIE_NAME,\n CSRF_MAX_AGE,\n parseCookies,\n 
PKCE_COOKIE_NAME,\n SESSION_COOKIE_NAME,\n} from './cookies'\nimport { json, redirect } from './index'\n\nasync function handleSignIn(request: RequestLike, auth: Auth, providerId: string): Promise<ResponseLike> {\n const provider = auth.providerMap.get(providerId)\n if (!provider)\n return json({ error: 'Provider not found' }, { status: 400 })\n\n const { state: originalState, codeVerifier } = createOAuthUris()\n const url = new URL(request.url)\n const redirectTo = url.searchParams.get('redirectTo')\n const state = redirectTo ? `${originalState}.${btoa(redirectTo)}` : originalState\n let callbackUri = url.searchParams.get('callbackUri')\n if (!callbackUri && provider.requiresRedirectUri)\n callbackUri = `${url.origin}${auth.basePath}/${providerId}/callback`\n\n const authUrl = await provider.getAuthorizationUrl(state, codeVerifier, {\n redirectUri: callbackUri ?? undefined,\n })\n\n const requestCookies = parseCookies(request.headers.get('Cookie'))\n const cookies = new Cookies(requestCookies, auth.cookieOptions)\n\n cookies.set(CSRF_COOKIE_NAME, originalState, { maxAge: CSRF_MAX_AGE, sameSite: 'none' })\n cookies.set(PKCE_COOKIE_NAME, codeVerifier, { maxAge: CSRF_MAX_AGE, sameSite: 'none' })\n if (callbackUri)\n cookies.set(CALLBACK_URI_COOKIE_NAME, callbackUri, { maxAge: CSRF_MAX_AGE, sameSite: 'none' })\n\n const redirectParam = url.searchParams.get('redirect')\n\n if (redirectParam === 'false') {\n const response = json({ url: authUrl.toString() })\n cookies.toHeaders().forEach((value, key) => {\n response.headers.append(key, value)\n })\n return response\n }\n\n const response = redirect(authUrl.toString())\n cookies.toHeaders().forEach((value, key) => {\n response.headers.append(key, value)\n })\n\n return response\n}\n\nasync function handleCallback(request: RequestLike, auth: Auth, providerId: string): Promise<ResponseLike> {\n const provider = auth.providerMap.get(providerId)\n if (!provider)\n return json({ error: 'Provider not found' }, { status: 400 
})\n\n const url = new URL(request.url)\n const code = url.searchParams.get('code')\n const state = url.searchParams.get('state')\n\n if (!code || !state)\n return json({ error: 'Missing code or state' }, { status: 400 })\n\n const requestCookies = parseCookies(request.headers.get('Cookie'))\n const cookies = new Cookies(requestCookies, auth.cookieOptions)\n\n let savedState: string | undefined\n let redirectTo = '/'\n if (state.includes('.')) {\n const [originalSavedState, encodedRedirect] = state.split('.')\n savedState = originalSavedState\n try {\n redirectTo = atob(encodedRedirect ?? '') || '/'\n }\n catch {\n redirectTo = '/'\n }\n }\n else {\n savedState = state\n }\n\n const csrfToken = cookies.get(CSRF_COOKIE_NAME)\n\n if (!csrfToken || csrfToken !== savedState)\n return json({ error: 'Invalid CSRF token' }, { status: 403 })\n\n const codeVerifier = cookies.get(PKCE_COOKIE_NAME)\n if (!codeVerifier)\n return json({ error: 'Missing PKCE code verifier' }, { status: 400 })\n\n const callbackUri = cookies.get(CALLBACK_URI_COOKIE_NAME)\n\n const { user: providerUser, tokens } = await provider.validateCallback(code, codeVerifier, callbackUri ?? undefined)\n\n const userFromAccount = await auth.getUserByAccount(providerId, providerUser.id)\n\n let user = userFromAccount\n\n if (!user) {\n const autoLink = auth.autoLink ?? 
'verifiedEmail'\n const shouldLinkByEmail = providerUser.email && (\n (autoLink === 'always')\n || (autoLink === 'verifiedEmail' && providerUser.emailVerified === true)\n )\n if (shouldLinkByEmail) {\n const existingUser = await auth.getUserByEmail(providerUser.email!)\n if (existingUser) {\n // If the email is verified by the new provider, and the existing user's email is not,\n // update the user's email verification status.\n if (providerUser.emailVerified && !existingUser.emailVerified) {\n user = await auth.updateUser({\n id: existingUser.id,\n emailVerified: true,\n })\n }\n else {\n user = existingUser\n }\n }\n }\n if (!user) {\n try {\n user = await auth.createUser({\n name: providerUser.name,\n email: providerUser.email,\n image: providerUser.avatar,\n emailVerified: providerUser.emailVerified,\n })\n }\n catch (error) {\n console.error('Failed to create user:', error)\n return json({ error: 'Failed to create user' }, { status: 500 })\n }\n }\n }\n\n if (!userFromAccount) {\n // GitHub sometimes doesn't return these which causes arctic to throw an error\n let refreshToken: string | null\n try {\n refreshToken = tokens.refreshToken()\n }\n catch {\n refreshToken = null\n }\n\n let expiresAt: number | undefined\n try {\n const expiresAtDate = tokens.accessTokenExpiresAt()\n if (expiresAtDate)\n expiresAt = Math.floor(expiresAtDate.getTime() / 1000)\n }\n catch {\n }\n\n let idToken: string | null\n try {\n idToken = tokens.idToken()\n }\n catch {\n idToken = null\n }\n\n try {\n await auth.linkAccount({\n userId: user.id,\n provider: providerId,\n providerAccountId: providerUser.id,\n accessToken: tokens.accessToken(),\n refreshToken,\n expiresAt,\n tokenType: tokens.tokenType?.() ?? null,\n scope: tokens.scopes()?.join(' ') ?? 
null,\n idToken,\n })\n }\n catch (error) {\n console.error('Error linking account:', error)\n return json({ error: 'Failed to link account' }, { status: 500 })\n }\n }\n\n const sessionToken = await auth.createSession(user.id)\n\n const requestUrl = new URL(request.url)\n const redirectUrl = new URL(redirectTo, request.url)\n\n const isDesktopRedirect = redirectUrl.protocol === 'gau:'\n const isMobileRedirect = requestUrl.host !== redirectUrl.host\n\n // For Tauri, we can't set a cookie on a custom protocol or a different host,\n // so we pass the token in the URL. Additionally, return a small HTML page\n // that immediately navigates to the deep-link and attempts to close the window,\n // so the external OAuth tab does not stay open.\n if (isDesktopRedirect || isMobileRedirect) {\n const destination = new URL(redirectUrl)\n destination.searchParams.set('token', sessionToken)\n\n const html = `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\" />\n <title>Authentication Complete</title>\n <style>\n body {\n font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, \"Helvetica Neue\", Arial, \"Noto Sans\", sans-serif, \"Apple Color Emoji\", \"Segoe UI Emoji\", \"Segoe UI Symbol\", \"Noto Color Emoji\";\n background-color: #09090b;\n color: #fafafa;\n display: flex;\n justify-content: center;\n align-items: center;\n height: 100vh;\n margin: 0;\n text-align: center;\n }\n .card {\n background-color: #18181b;\n border: 1px solid #27272a;\n border-radius: 0.75rem;\n padding: 2rem;\n max-width: 320px;\n }\n h1 {\n font-size: 1.25rem;\n font-weight: 600;\n margin: 0 0 0.5rem;\n }\n p {\n margin: 0;\n color: #a1a1aa;\n }\n </style>\n <script>\n window.onload = function() {\n const url = ${JSON.stringify(destination.toString())};\n window.location.href = url;\n setTimeout(window.close, 500);\n };\n </script>\n</head>\n<body>\n <div class=\"card\">\n <h1>Authentication Successful</h1>\n <p>You can now close this 
window.</p>\n </div>\n</body>\n</html>`\n\n // Clear temporary cookies (CSRF/PKCE/Callback URI) so they don't linger\n cookies.delete(CSRF_COOKIE_NAME)\n cookies.delete(PKCE_COOKIE_NAME)\n if (callbackUri)\n cookies.delete(CALLBACK_URI_COOKIE_NAME)\n\n const response = new Response(html, {\n status: 200,\n headers: { 'Content-Type': 'text/html; charset=utf-8' },\n })\n cookies.toHeaders().forEach((value, key) => {\n response.headers.append(key, value)\n })\n return response\n }\n\n cookies.set(SESSION_COOKIE_NAME, sessionToken, { maxAge: auth.jwt.ttl, sameSite: 'none', secure: true })\n cookies.delete(CSRF_COOKIE_NAME)\n cookies.delete(PKCE_COOKIE_NAME)\n if (callbackUri)\n cookies.delete(CALLBACK_URI_COOKIE_NAME)\n\n const redirectParam = url.searchParams.get('redirect')\n\n let response: Response\n if (redirectParam === 'false')\n response = json({ user })\n else\n response = redirect(redirectTo)\n\n cookies.toHeaders().forEach((value, key) => {\n response.headers.append(key, value)\n })\n\n return response\n}\n\nasync function handleSession(request: RequestLike, auth: Auth): Promise<ResponseLike> {\n const rawCookieHeader = request.headers.get('Cookie')\n const requestCookies = parseCookies(rawCookieHeader)\n let sessionToken = requestCookies.get(SESSION_COOKIE_NAME)\n\n if (!sessionToken) {\n const authHeader = request.headers.get('Authorization')\n if (authHeader?.startsWith('Bearer '))\n sessionToken = authHeader.substring(7)\n }\n\n if (!sessionToken)\n return json({ user: null, session: null })\n\n try {\n const sessionData = await auth.validateSession(sessionToken)\n\n if (!sessionData)\n return json({ user: null, session: null }, { status: 401 })\n\n return json(sessionData)\n }\n catch (error) {\n console.error('Error validating session:', error)\n return json({ error: 'Failed to validate session' }, { status: 500 })\n }\n}\n\nasync function handleSignOut(request: RequestLike, auth: Auth): Promise<ResponseLike> {\n const requestCookies = 
parseCookies(request.headers.get('Cookie'))\n const cookies = new Cookies(requestCookies, auth.cookieOptions)\n cookies.delete(SESSION_COOKIE_NAME, { sameSite: 'none', secure: true })\n\n const response = json({ message: 'Signed out' })\n cookies.toHeaders().forEach((value, key) => {\n response.headers.append(key, value)\n })\n\n return response\n}\n\nexport function createHandler(auth: Auth): (request: RequestLike) => Promise<ResponseLike> {\n const { providerMap, basePath } = auth\n\n function applyCors(request: RequestLike, response: Response): Response {\n const origin = request.headers.get('Origin') || request.headers.get('origin')\n if (!origin)\n return response\n response.headers.set('Access-Control-Allow-Origin', origin)\n response.headers.set('Vary', 'Origin')\n response.headers.set('Access-Control-Allow-Credentials', 'true')\n response.headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization, Cookie')\n response.headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')\n return response\n }\n\n return async function (request: RequestLike): Promise<ResponseLike> {\n // Handle preflight requests early\n if (request.method === 'OPTIONS') {\n const origin = request.headers.get('Origin') || request.headers.get('origin') || '*'\n const res = new Response(null, {\n status: 204,\n headers: {\n 'Access-Control-Allow-Origin': origin,\n 'Access-Control-Allow-Credentials': 'true',\n 'Access-Control-Allow-Headers': 'Content-Type, Authorization, Cookie',\n 'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',\n },\n })\n return res\n }\n\n const url = new URL(request.url)\n if (!url.pathname.startsWith(basePath))\n return applyCors(request, json({ error: 'Not Found' }, { status: 404 }))\n\n if (request.method === 'POST' && !verifyRequestOrigin(request, auth.trustHosts))\n return applyCors(request, json({ error: 'Forbidden' }, { status: 403 }))\n\n const path = url.pathname.substring(basePath.length)\n const parts = 
path.split('/').filter(Boolean)\n const action = parts[0]\n\n if (!action)\n return applyCors(request, json({ error: 'Not Found' }, { status: 404 }))\n\n let response: ResponseLike\n\n if (request.method === 'GET') {\n if (providerMap.has(action)) {\n if (parts.length === 2 && parts[1] === 'callback')\n response = await handleCallback(request, auth, action)\n else if (parts.length === 1)\n response = await handleSignIn(request, auth, action)\n else\n response = json({ error: 'Not Found' }, { status: 404 })\n }\n else if (parts.length === 1 && action === 'session') {\n response = await handleSession(request, auth)\n }\n else {\n response = json({ error: 'Not Found' }, { status: 404 })\n }\n }\n else if (request.method === 'POST') {\n if (parts.length === 1 && action === 'signout')\n response = await handleSignOut(request, auth)\n else\n response = json({ error: 'Not Found' }, { status: 404 })\n }\n else {\n response = json({ error: 'Method Not Allowed' }, { status: 405 })\n }\n\n return applyCors(request, response as Response)\n }\n}\n\nfunction verifyRequestOrigin(request: RequestLike, trustHosts: 'all' | string[]): boolean {\n if (trustHosts === 'all')\n return true\n\n const origin = request.headers.get('origin')\n\n if (!origin)\n return false\n\n let originHost: string\n try {\n originHost = new URL(origin).host\n }\n catch {\n return false\n }\n\n const requestUrl = new URL(request.url)\n const requestHost = requestUrl.host\n const requestOrigin = `${requestUrl.protocol}//${requestHost}`\n\n if (origin === requestOrigin)\n return true\n\n return trustHosts.includes(originHost)\n}\n","export interface RequestLike {\n /** Absolute or relative URL */\n readonly url: string\n /** Upper-case HTTP method (e.g. 
`GET`) */\n readonly method: string\n /** All HTTP headers – mutable so adapters can append */\n readonly headers: Headers\n /** Lazily parse the body as JSON */\n json: <T = unknown>() => Promise<T>\n /** Raw text body */\n text: () => Promise<string>\n /** FormData helper (for `application/x-www-form-urlencoded` or `multipart/form-data`) */\n formData: () => Promise<FormData>\n}\n\nexport interface ResponseLike {\n readonly status: number\n readonly headers: Headers\n readonly body?: BodyInit | null\n}\n\nexport interface User {\n id: string\n name?: string | null\n email?: string | null\n emailVerified?: boolean | null\n image?: string | null\n}\n\nexport interface Session {\n id: string\n sub: string\n [key: string]: unknown\n}\n\nexport interface GauSession {\n user: User | null\n session: Session | null\n}\n\nexport interface NewUser extends Omit<User, 'id'> {\n id?: string\n}\n\nexport interface Account {\n userId: string\n provider: string\n providerAccountId: string\n type?: string // e.g. 
\"oauth\"\n accessToken?: string | null\n refreshToken?: string | null\n expiresAt?: number | null // epoch seconds\n idToken?: string | null\n scope?: string | null\n tokenType?: string | null\n sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n getUser: (id: string) => Promise<User | null>\n getUserByEmail: (email: string) => Promise<User | null>\n getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n createUser: (data: NewUser) => Promise<User>\n linkAccount: (data: NewAccount) => Promise<void>\n updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n}\n\nexport class AuthError extends Error {\n override readonly cause?: unknown\n constructor(message: string, cause?: unknown) {\n super(message)\n this.name = 'AuthError'\n this.cause = cause\n }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n const headers = new Headers(init.headers)\n if (!headers.has('Content-Type'))\n headers.set('Content-Type', 'application/json; charset=utf-8')\n return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n return new Response(null, {\n status,\n headers: {\n Location: url,\n },\n })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\n","import { AuthError } from '../core/index'\n\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n let diff = a.length ^ b.length\n const len = Math.max(a.length, b.length)\n for (let i = 0; i < len; i++)\n diff |= (a[i] ?? 0) ^ (b[i] ?? 
0)\n\n return diff === 0\n}\n\nfunction base64UrlToArray(base64Url: string): Uint8Array {\n const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nexport async function deriveKeysFromSecret(secret: string): Promise<{ privateKey: CryptoKey, publicKey: CryptoKey }> {\n try {\n const secretBytes = base64UrlToArray(secret)\n const privateKey = await crypto.subtle.importKey(\n 'pkcs8',\n secretBytes.slice(),\n { name: 'ECDSA', namedCurve: 'P-256' },\n true,\n ['sign'],\n )\n\n const jwk = await crypto.subtle.exportKey('jwk', privateKey)\n delete jwk.d\n jwk.key_ops = ['verify']\n\n const publicKey = await crypto.subtle.importKey(\n 'jwk',\n jwk,\n { name: 'ECDSA', namedCurve: 'P-256' },\n true,\n ['verify'],\n )\n return { privateKey, publicKey }\n }\n catch (error) {\n throw new AuthError('Invalid secret. Must be a base64url-encoded PKCS#8 private key for ES256. Use `bunx gau secret` to generate one.', error)\n }\n}\n\n/**\n * Convert JWS raw signature (r || s) to DER-encoded format for WebCrypto.\n */\nexport function rawToDer(raw: Uint8Array): Uint8Array {\n if (raw.length !== 64)\n throw new Error('Invalid raw signature length')\n\n let r = raw.slice(0, 32)\n let s = raw.slice(32)\n\n let rOffset = 0\n while (rOffset < r.length - 1 && r[rOffset] === 0) rOffset++\n r = r.slice(rOffset)\n\n let sOffset = 0\n while (sOffset < s.length - 1 && s[sOffset] === 0) sOffset++\n s = s.slice(sOffset)\n\n if (r.length > 0 && r[0]! & 0x80) {\n const rPadded = new Uint8Array(r.length + 1)\n rPadded[0] = 0\n rPadded.set(r, 1)\n r = rPadded\n }\n if (s.length > 0 && s[0]! 
& 0x80) {\n const sPadded = new Uint8Array(s.length + 1)\n sPadded[0] = 0\n sPadded.set(s, 1)\n s = sPadded\n }\n\n const rLength = r.length\n const sLength = s.length\n const totalLength = 2 + rLength + 2 + sLength\n\n const der = new Uint8Array(2 + totalLength)\n der[0] = 0x30 // SEQUENCE\n der[1] = totalLength\n der[2] = 0x02 // INTEGER\n der[3] = rLength\n der.set(r, 4)\n der[4 + rLength] = 0x02 // INTEGER\n der[5 + rLength] = sLength\n der.set(s, 6 + rLength)\n\n return der\n}\n"],"mappings":"AACA,OACE,6BAAAA,GACA,aAAAC,GACA,wBAAAC,GACA,uBAAAC,GACA,YAAAC,OACK,cCNP,OAAS,SAAAC,EAAO,aAAAC,MAAiB,SAE1B,IAAMC,EAAqD,CAChE,KAAM,IACN,SAAU,MACV,OAAQ,GACR,SAAU,EACZ,EAIO,SAASC,EAAaC,EAA8D,CACzF,IAAMC,EAAU,IAAI,IACpB,GAAID,EAAc,CAChB,IAAME,EAASN,EAAMI,CAAY,EACjC,QAAWG,KAAQD,EACjBD,EAAQ,IAAIE,EAAMD,EAAOC,CAAI,CAAE,CACnC,CACA,OAAOF,CACT,CAEO,IAAMG,EAAN,KAAc,CAGnB,YACmBC,EACAC,EACjB,CAFiB,oBAAAD,EACA,oBAAAC,CAChB,CALHC,GAAiB,CAAC,EAOlB,IAAIJ,EAAkC,CACpC,OAAO,KAAK,eAAe,IAAIA,CAAI,CACrC,CAEA,IAAIA,EAAcK,EAAeC,EAAkC,CACjE,IAAMC,EAAkB,CAAE,GAAG,KAAK,eAAgB,GAAGD,CAAQ,EAC7D,KAAKF,GAAK,KAAK,CAACJ,EAAMK,EAAOE,CAAe,CAAC,CAC/C,CAEA,OAAOP,EAAcM,EAA8D,CACjF,KAAK,IAAIN,EAAM,GAAI,CAAE,GAAGM,EAAS,QAAS,IAAI,KAAK,CAAC,EAAG,OAAQ,CAAE,CAAC,CACpE,CAEA,WAAqB,CACnB,IAAME,EAAU,IAAI,QACpB,OAAW,CAACR,EAAMK,EAAOC,CAAO,IAAK,KAAKF,GACxCI,EAAQ,OAAO,aAAcd,EAAUM,EAAMK,EAAOC,CAAO,CAAC,EAE9D,OAAOE,CACT,CACF,EAEaC,EAAmB,mBACnBC,EAAsB,sBACtBC,EAAmB,2BACnBC,EAA2B,qBAE3BC,EAAe,GAAK,GCH1B,SAASC,GAAW,CACzB,QAAAC,EACA,UAAAC,EACA,SAAAC,EAAW,YACX,IAAKC,EAAY,CAAC,EAClB,QAASC,EAAe,CAAC,EACzB,WAAAC,EAAa,CAAC,EACd,SAAAC,EAAW,eACb,EAA4B,CAC1B,GAAM,CAAE,UAAAC,EAAY,QAAS,OAAAC,EAAQ,IAAAC,EAAK,IAAAC,EAAK,IAAKC,EAAa,KAAO,EAAG,EAAIR,EACzES,EAAgB,CAAE,GAAGC,EAAkC,GAAGT,CAAa,EAEvEU,EAAc,IAAI,IAAIb,EAAU,IAAIc,GAAK,CAACA,EAAE,GAAIA,CAAC,CAAC,CAAC,EAEzD,SAASC,EAAiBC,EAA+B,CAAC,EAAgB,CACxE,IAAMC,EAAO,CAAE,IAAKD,EAAO,IAAK,IAAKA,EAAO,KAAOR,EAAK,IAAKQ,EAAO,KAAOP,EAAK,IAAKO,EAAO,GAAI,EAChG,GAAIV,IAAc,QAChB,MAAO,CAAE,UAAAA,EAAW,OAAQU,EAAO,
QAAUT,EAAQ,GAAGU,CAAK,EAE1D,CACH,IAAMC,EAAWF,EAAO,QAAUT,EAClC,GAAIW,IAAa,QAAa,OAAOA,GAAa,SAChD,MAAM,IAAIC,EAAU,gDAAgD,EACtE,MAAO,CAAE,UAAAb,EAAW,WAAYU,EAAO,WAAY,OAAQE,EAAU,GAAGD,CAAK,CAC/E,CACF,CAEA,SAASG,EAAmBJ,EAAiC,CAAC,EAAkB,CAC9E,IAAMC,EAAO,CAAE,IAAKD,EAAO,KAAOR,EAAK,IAAKQ,EAAO,KAAOP,CAAI,EAC9D,GAAIH,IAAc,QAChB,MAAO,CAAE,UAAAA,EAAW,OAAQU,EAAO,QAAUT,EAAQ,GAAGU,CAAK,EAE1D,CACH,IAAMC,EAAWF,EAAO,QAAUT,EAClC,GAAIW,IAAa,QAAa,OAAOA,GAAa,SAChD,MAAM,IAAIC,EAAU,gDAAgD,EACtE,MAAO,CAAE,UAAAb,EAAW,UAAWU,EAAO,UAAW,OAAQE,EAAU,GAAGD,CAAK,CAC7E,CACF,CAEA,eAAeI,EAA2CC,EAAYC,EAAsC,CAAC,EAAoB,CAC/H,OAAOC,EAAKF,EAASP,EAAiBQ,CAAa,CAAC,CACtD,CAEA,eAAeE,EAAuCC,EAAeH,EAAwC,CAAC,EAAsB,CAClI,GAAI,CACF,OAAO,MAAMI,EAAUD,EAAON,EAAmBG,CAAa,CAAC,CACjE,MACM,CACJ,OAAO,IACT,CACF,CAEA,eAAeK,EAAcC,EAAgBC,EAAgC,CAAC,EAAGC,EAAMrB,EAA6B,CAClH,IAAMY,EAAU,CAAE,IAAKO,EAAQ,GAAGC,CAAK,EACvC,OAAOT,EAAQC,EAAS,CAAE,IAAAS,CAAI,CAAC,CACjC,CAEA,eAAeC,EAAgBN,EAAiE,CAC9F,IAAMJ,EAAU,MAAMG,EAAqDC,CAAK,EAChF,GAAI,CAACJ,EACH,OAAO,KACT,IAAMW,EAAO,MAAMlC,EAAQ,QAAQuB,EAAQ,GAAG,EAC9C,OAAKW,EAEE,CAAE,KAAAA,EAAM,QAAS,CAAE,GAAIP,EAAO,GAAGJ,CAAQ,CAAE,EADzC,IAEX,CAEA,MAAO,CACL,GAAGvB,EACH,YAAAc,EACA,SAAAZ,EACA,cAAAU,EACA,IAAK,CACH,IAAKD,CACP,EACA,QAAAW,EACA,UAAAI,EACA,cAAAG,EACA,gBAAAI,EACA,WAAA5B,EACA,SAAAC,CACF,CACF,CCzIA,OAAS,wBAAA6B,EAAsB,iBAAAC,MAAqB,SAE7C,SAASC,GAAkB,CAChC,IAAMC,EAAQF,EAAc,EACtBG,EAAeJ,EAAqB,EAE1C,MAAO,CACL,MAAAG,EACA,aAAAC,CACF,CACF,CCIA,eAAeC,EAAaC,EAAsBC,EAAYC,EAA2C,CACvG,IAAMC,EAAWF,EAAK,YAAY,IAAIC,CAAU,EAChD,GAAI,CAACC,EACH,OAAOC,EAAK,CAAE,MAAO,oBAAqB,EAAG,CAAE,OAAQ,GAAI,CAAC,EAE9D,GAAM,CAAE,MAAOC,EAAe,aAAAC,CAAa,EAAIC,EAAgB,EACzDC,EAAM,IAAI,IAAIR,EAAQ,GAAG,EACzBS,EAAaD,EAAI,aAAa,IAAI,YAAY,EAC9CE,EAAQD,EAAa,GAAGJ,CAAa,IAAI,KAAKI,CAAU,CAAC,GAAKJ,EAChEM,EAAcH,EAAI,aAAa,IAAI,aAAa,EAChD,CAACG,GAAeR,EAAS,sBAC3BQ,EAAc,GAAGH,EAAI,MAAM,GAAGP,EAAK,QAAQ,IAAIC,CAAU,aAE3D,IAAMU,EAAU,MAAMT,EAAS,oBAAoBO,EAAOJ,EAAc,CACtE,YAAaK,GAAe,MAC9B,CAAC,EAEKE,EAAiBC,EAAad,EAAQ,QAAQ,IAAI,QAAQ,CAAC,EAC3De,EAAU,IAAIC,EAAQH,EAA
gBZ,EAAK,aAAa,EAS9D,GAPAc,EAAQ,IAAIE,EAAkBZ,EAAe,CAAE,OAAQa,EAAc,SAAU,MAAO,CAAC,EACvFH,EAAQ,IAAII,EAAkBb,EAAc,CAAE,OAAQY,EAAc,SAAU,MAAO,CAAC,EAClFP,GACFI,EAAQ,IAAIK,EAA0BT,EAAa,CAAE,OAAQO,EAAc,SAAU,MAAO,CAAC,EAEzEV,EAAI,aAAa,IAAI,UAAU,IAE/B,QAAS,CAC7B,IAAMa,EAAWjB,EAAK,CAAE,IAAKQ,EAAQ,SAAS,CAAE,CAAC,EACjD,OAAAG,EAAQ,UAAU,EAAE,QAAQ,CAACO,EAAOC,IAAQ,CAC1CF,EAAS,QAAQ,OAAOE,EAAKD,CAAK,CACpC,CAAC,EACMD,CACT,CAEA,IAAMA,EAAWG,EAASZ,EAAQ,SAAS,CAAC,EAC5C,OAAAG,EAAQ,UAAU,EAAE,QAAQ,CAACO,EAAOC,IAAQ,CAC1CF,EAAS,QAAQ,OAAOE,EAAKD,CAAK,CACpC,CAAC,EAEMD,CACT,CAEA,eAAeI,EAAezB,EAAsBC,EAAYC,EAA2C,CACzG,IAAMC,EAAWF,EAAK,YAAY,IAAIC,CAAU,EAChD,GAAI,CAACC,EACH,OAAOC,EAAK,CAAE,MAAO,oBAAqB,EAAG,CAAE,OAAQ,GAAI,CAAC,EAE9D,IAAMI,EAAM,IAAI,IAAIR,EAAQ,GAAG,EACzB0B,EAAOlB,EAAI,aAAa,IAAI,MAAM,EAClCE,EAAQF,EAAI,aAAa,IAAI,OAAO,EAE1C,GAAI,CAACkB,GAAQ,CAAChB,EACZ,OAAON,EAAK,CAAE,MAAO,uBAAwB,EAAG,CAAE,OAAQ,GAAI,CAAC,EAEjE,IAAMS,EAAiBC,EAAad,EAAQ,QAAQ,IAAI,QAAQ,CAAC,EAC3De,EAAU,IAAIC,EAAQH,EAAgBZ,EAAK,aAAa,EAE1D0B,EACAlB,EAAa,IACjB,GAAIC,EAAM,SAAS,GAAG,EAAG,CACvB,GAAM,CAACkB,EAAoBC,CAAe,EAAInB,EAAM,MAAM,GAAG,EAC7DiB,EAAaC,EACb,GAAI,CACFnB,EAAa,KAAKoB,GAAmB,EAAE,GAAK,GAC9C,MACM,CACJpB,EAAa,GACf,CACF,MAEEkB,EAAajB,EAGf,IAAMoB,EAAYf,EAAQ,IAAIE,CAAgB,EAE9C,GAAI,CAACa,GAAaA,IAAcH,EAC9B,OAAOvB,EAAK,CAAE,MAAO,oBAAqB,EAAG,CAAE,OAAQ,GAAI,CAAC,EAE9D,IAAME,EAAeS,EAAQ,IAAII,CAAgB,EACjD,GAAI,CAACb,EACH,OAAOF,EAAK,CAAE,MAAO,4BAA6B,EAAG,CAAE,OAAQ,GAAI,CAAC,EAEtE,IAAMO,EAAcI,EAAQ,IAAIK,CAAwB,EAElD,CAAE,KAAMW,EAAc,OAAAC,CAAO,EAAI,MAAM7B,EAAS,iBAAiBuB,EAAMpB,EAAcK,GAAe,MAAS,EAE7GsB,EAAkB,MAAMhC,EAAK,iBAAiBC,EAAY6B,EAAa,EAAE,EAE3EG,EAAOD,EAEX,GAAI,CAACC,EAAM,CACT,IAAMC,EAAWlC,EAAK,UAAY,gBAKlC,GAJ0B8B,EAAa,QACpCI,IAAa,UACVA,IAAa,iBAAmBJ,EAAa,gBAAkB,IAE9C,CACrB,IAAMK,EAAe,MAAMnC,EAAK,eAAe8B,EAAa,KAAM,EAC9DK,IAGEL,EAAa,eAAiB,CAACK,EAAa,cAC9CF,EAAO,MAAMjC,EAAK,WAAW,CAC3B,GAAImC,EAAa,GACjB,cAAe,EACjB,CAAC,EAGDF,EAAOE,EAGb,CACA,GAAI,CAACF,EACH,GAAI,CACFA,EAAO,MAAMjC,EAAK,WAAW,CAC3B,KAAM8B,EAAa,KACnB,MAAOA,EAAa,MACpB,MAAOA,EAAa
,OACpB,cAAeA,EAAa,aAC9B,CAAC,CACH,OACOM,EAAO,CACZ,eAAQ,MAAM,yBAA0BA,CAAK,EACtCjC,EAAK,CAAE,MAAO,uBAAwB,EAAG,CAAE,OAAQ,GAAI,CAAC,CACjE,CAEJ,CAEA,GAAI,CAAC6B,EAAiB,CAEpB,IAAIK,EACJ,GAAI,CACFA,EAAeN,EAAO,aAAa,CACrC,MACM,CACJM,EAAe,IACjB,CAEA,IAAIC,EACJ,GAAI,CACF,IAAMC,EAAgBR,EAAO,qBAAqB,EAC9CQ,IACFD,EAAY,KAAK,MAAMC,EAAc,QAAQ,EAAI,GAAI,EACzD,MACM,CACN,CAEA,IAAIC,EACJ,GAAI,CACFA,EAAUT,EAAO,QAAQ,CAC3B,MACM,CACJS,EAAU,IACZ,CAEA,GAAI,CACF,MAAMxC,EAAK,YAAY,CACrB,OAAQiC,EAAK,GACb,SAAUhC,EACV,kBAAmB6B,EAAa,GAChC,YAAaC,EAAO,YAAY,EAChC,aAAAM,EACA,UAAAC,EACA,UAAWP,EAAO,YAAY,GAAK,KACnC,MAAOA,EAAO,OAAO,GAAG,KAAK,GAAG,GAAK,KACrC,QAAAS,CACF,CAAC,CACH,OACOJ,EAAO,CACZ,eAAQ,MAAM,yBAA0BA,CAAK,EACtCjC,EAAK,CAAE,MAAO,wBAAyB,EAAG,CAAE,OAAQ,GAAI,CAAC,CAClE,CACF,CAEA,IAAMsC,EAAe,MAAMzC,EAAK,cAAciC,EAAK,EAAE,EAE/CS,EAAa,IAAI,IAAI3C,EAAQ,GAAG,EAChC4C,EAAc,IAAI,IAAInC,EAAYT,EAAQ,GAAG,EAE7C6C,EAAoBD,EAAY,WAAa,OAC7CE,EAAmBH,EAAW,OAASC,EAAY,KAMzD,GAAIC,GAAqBC,EAAkB,CACzC,IAAMC,EAAc,IAAI,IAAIH,CAAW,EACvCG,EAAY,aAAa,IAAI,QAASL,CAAY,EAElD,IAAMM,EAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAoCG,KAAK,UAAUD,EAAY,SAAS,CAAC,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAetDhC,EAAQ,OAAOE,CAAgB,EAC/BF,EAAQ,OAAOI,CAAgB,EAC3BR,GACFI,EAAQ,OAAOK,CAAwB,EAEzC,IAAMC,EAAW,IAAI,SAAS2B,EAAM,CAClC,OAAQ,IACR,QAAS,CAAE,eAAgB,0BAA2B,CACxD,CAAC,EACD,OAAAjC,EAAQ,UAAU,EAAE,QAAQ,CAACO,EAAOC,IAAQ,CAC1CF,EAAS,QAAQ,OAAOE,EAAKD,CAAK,CACpC,CAAC,EACMD,CACT,CAEAN,EAAQ,IAAIkC,EAAqBP,EAAc,CAAE,OAAQzC,EAAK,IAAI,IAAK,SAAU,OAAQ,OAAQ,EAAK,CAAC,EACvGc,EAAQ,OAAOE,CAAgB,EAC/BF,EAAQ,OAAOI,CAAgB,EAC3BR,GACFI,EAAQ,OAAOK,CAAwB,EAEzC,IAAM8B,EAAgB1C,EAAI,aAAa,IAAI,UAAU,EAEjDa,EACJ,OAAI6B,IAAkB,QACpB7B,EAAWjB,EAAK,CAAE,KAAA8B,CAAK,CAAC,EAExBb,EAAWG,EAASf,CAAU,EAEhCM,EAAQ,UAAU,EAAE,QAAQ,CAACO,EAAOC,IAAQ,CAC1CF,EAAS,QAAQ,OAAOE,EAAKD,CAAK,CACpC,CAAC,EAEMD,CACT,CAEA,eAAe8B,EAAcnD,EAAsBC,EAAmC,
CACpF,IAAMmD,EAAkBpD,EAAQ,QAAQ,IAAI,QAAQ,EAEhD0C,EADmB5B,EAAasC,CAAe,EACjB,IAAIH,CAAmB,EAEzD,GAAI,CAACP,EAAc,CACjB,IAAMW,EAAarD,EAAQ,QAAQ,IAAI,eAAe,EAClDqD,GAAY,WAAW,SAAS,IAClCX,EAAeW,EAAW,UAAU,CAAC,EACzC,CAEA,GAAI,CAACX,EACH,OAAOtC,EAAK,CAAE,KAAM,KAAM,QAAS,IAAK,CAAC,EAE3C,GAAI,CACF,IAAMkD,EAAc,MAAMrD,EAAK,gBAAgByC,CAAY,EAE3D,OAAKY,EAGElD,EAAKkD,CAAW,EAFdlD,EAAK,CAAE,KAAM,KAAM,QAAS,IAAK,EAAG,CAAE,OAAQ,GAAI,CAAC,CAG9D,OACOiC,EAAO,CACZ,eAAQ,MAAM,4BAA6BA,CAAK,EACzCjC,EAAK,CAAE,MAAO,4BAA6B,EAAG,CAAE,OAAQ,GAAI,CAAC,CACtE,CACF,CAEA,eAAemD,GAAcvD,EAAsBC,EAAmC,CACpF,IAAMY,EAAiBC,EAAad,EAAQ,QAAQ,IAAI,QAAQ,CAAC,EAC3De,EAAU,IAAIC,EAAQH,EAAgBZ,EAAK,aAAa,EAC9Dc,EAAQ,OAAOkC,EAAqB,CAAE,SAAU,OAAQ,OAAQ,EAAK,CAAC,EAEtE,IAAM5B,EAAWjB,EAAK,CAAE,QAAS,YAAa,CAAC,EAC/C,OAAAW,EAAQ,UAAU,EAAE,QAAQ,CAACO,EAAOC,IAAQ,CAC1CF,EAAS,QAAQ,OAAOE,EAAKD,CAAK,CACpC,CAAC,EAEMD,CACT,CAEO,SAASmC,GAAcvD,EAA6D,CACzF,GAAM,CAAE,YAAAwD,EAAa,SAAAC,CAAS,EAAIzD,EAElC,SAAS0D,EAAU3D,EAAsBqB,EAA8B,CACrE,IAAMuC,EAAS5D,EAAQ,QAAQ,IAAI,QAAQ,GAAKA,EAAQ,QAAQ,IAAI,QAAQ,EAC5E,OAAK4D,IAELvC,EAAS,QAAQ,IAAI,8BAA+BuC,CAAM,EAC1DvC,EAAS,QAAQ,IAAI,OAAQ,QAAQ,EACrCA,EAAS,QAAQ,IAAI,mCAAoC,MAAM,EAC/DA,EAAS,QAAQ,IAAI,+BAAgC,qCAAqC,EAC1FA,EAAS,QAAQ,IAAI,+BAAgC,oBAAoB,GAClEA,CACT,CAEA,OAAO,eAAgBrB,EAA6C,CAElE,GAAIA,EAAQ,SAAW,UAAW,CAChC,IAAM4D,EAAS5D,EAAQ,QAAQ,IAAI,QAAQ,GAAKA,EAAQ,QAAQ,IAAI,QAAQ,GAAK,IAUjF,OATY,IAAI,SAAS,KAAM,CAC7B,OAAQ,IACR,QAAS,CACP,8BAA+B4D,EAC/B,mCAAoC,OACpC,+BAAgC,sCAChC,+BAAgC,oBAClC,CACF,CAAC,CAEH,CAEA,IAAMpD,EAAM,IAAI,IAAIR,EAAQ,GAAG,EAC/B,GAAI,CAACQ,EAAI,SAAS,WAAWkD,CAAQ,EACnC,OAAOC,EAAU3D,EAASI,EAAK,CAAE,MAAO,WAAY,EAAG,CAAE,OAAQ,GAAI,CAAC,CAAC,EAEzE,GAAIJ,EAAQ,SAAW,QAAU,CAAC6D,GAAoB7D,EAASC,EAAK,UAAU,EAC5E,OAAO0D,EAAU3D,EAASI,EAAK,CAAE,MAAO,WAAY,EAAG,CAAE,OAAQ,GAAI,CAAC,CAAC,EAGzE,IAAM0D,EADOtD,EAAI,SAAS,UAAUkD,EAAS,MAAM,EAChC,MAAM,GAAG,EAAE,OAAO,OAAO,EACtCK,EAASD,EAAM,CAAC,EAEtB,GAAI,CAACC,EACH,OAAOJ,EAAU3D,EAASI,EAAK,CAAE,MAAO,WAAY,EAAG,CAAE,OAAQ,GAAI,CAAC,CAAC,EAEzE,IAAIiB,EAEJ,OAAIrB,EAAQ,SAAW,MACjByD,EAAY,IAA
IM,CAAM,EACpBD,EAAM,SAAW,GAAKA,EAAM,CAAC,IAAM,WACrCzC,EAAW,MAAMI,EAAezB,EAASC,EAAM8D,CAAM,EAC9CD,EAAM,SAAW,EACxBzC,EAAW,MAAMtB,EAAaC,EAASC,EAAM8D,CAAM,EAEnD1C,EAAWjB,EAAK,CAAE,MAAO,WAAY,EAAG,CAAE,OAAQ,GAAI,CAAC,EAElD0D,EAAM,SAAW,GAAKC,IAAW,UACxC1C,EAAW,MAAM8B,EAAcnD,EAASC,CAAI,EAG5CoB,EAAWjB,EAAK,CAAE,MAAO,WAAY,EAAG,CAAE,OAAQ,GAAI,CAAC,EAGlDJ,EAAQ,SAAW,OACtB8D,EAAM,SAAW,GAAKC,IAAW,UACnC1C,EAAW,MAAMkC,GAAcvD,EAASC,CAAI,EAE5CoB,EAAWjB,EAAK,CAAE,MAAO,WAAY,EAAG,CAAE,OAAQ,GAAI,CAAC,EAGzDiB,EAAWjB,EAAK,CAAE,MAAO,oBAAqB,EAAG,CAAE,OAAQ,GAAI,CAAC,EAG3DuD,EAAU3D,EAASqB,CAAoB,CAChD,CACF,CAEA,SAASwC,GAAoB7D,EAAsBgE,EAAuC,CACxF,GAAIA,IAAe,MACjB,MAAO,GAET,IAAMJ,EAAS5D,EAAQ,QAAQ,IAAI,QAAQ,EAE3C,GAAI,CAAC4D,EACH,MAAO,GAET,IAAIK,EACJ,GAAI,CACFA,EAAa,IAAI,IAAIL,CAAM,EAAE,IAC/B,MACM,CACJ,MAAO,EACT,CAEA,IAAMjB,EAAa,IAAI,IAAI3C,EAAQ,GAAG,EAChCkE,EAAcvB,EAAW,KACzBwB,EAAgB,GAAGxB,EAAW,QAAQ,KAAKuB,CAAW,GAE5D,OAAIN,IAAWO,EACN,GAEFH,EAAW,SAASC,CAAU,CACvC,CC9WO,IAAMG,EAAN,cAAwB,KAAM,CACjB,MAClB,YAAYC,EAAiBC,EAAiB,CAC5C,MAAMD,CAAO,EACb,KAAK,KAAO,YACZ,KAAK,MAAQC,CACf,CACF,EAEO,SAASC,EAAQC,EAASC,EAAqB,CAAC,EAAa,CAClE,IAAMC,EAAU,IAAI,QAAQD,EAAK,OAAO,EACxC,OAAKC,EAAQ,IAAI,cAAc,GAC7BA,EAAQ,IAAI,eAAgB,iCAAiC,EACxD,IAAI,SAAS,KAAK,UAAUF,CAAI,EAAG,CAAE,GAAGC,EAAM,QAAAC,CAAQ,CAAC,CAChE,CAEO,SAASC,EAASC,EAAaC,EAAoB,IAAe,CACvE,OAAO,IAAI,SAAS,KAAM,CACxB,OAAAA,EACA,QAAS,CACP,SAAUD,CACZ,CACF,CAAC,CACH,CC1FO,SAASE,EAAkBC,EAAeC,EAAwB,CACvE,IAAIC,EAAOF,EAAE,OAASC,EAAE,OAClBE,EAAM,KAAK,IAAIH,EAAE,OAAQC,EAAE,MAAM,EACvC,QAASG,EAAI,EAAGA,EAAID,EAAKC,IACvBF,IAASF,EAAEI,CAAC,GAAK,IAAMH,EAAEG,CAAC,GAAK,GAEjC,OAAOF,IAAS,CAClB,CAEA,SAASG,GAAiBC,EAA+B,CACvD,IAAMC,EAASD,EAAU,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EACvDE,GAAa,EAAKD,EAAO,OAAS,GAAM,EACxCE,EAASF,EAAO,OAAOA,EAAO,OAASC,EAAW,GAAG,EACrDE,EAAgB,KAAKD,CAAM,EAC3BN,EAAMO,EAAc,OACpBC,EAAQ,IAAI,WAAWR,CAAG,EAChC,QAASC,EAAI,EAAGA,EAAID,EAAKC,IACvBO,EAAMP,CAAC,EAAIM,EAAc,WAAWN,CAAC,EAEvC,OAAOO,CACT,CAEA,eAAsBC,EAAqBC,EAA0E,CACnH,GAAI,CACF,IAAMC,EAAcT,GAAiBQ,CAAM,EACrCE,EAAa,M
AAM,OAAO,OAAO,UACrC,QACAD,EAAY,MAAM,EAClB,CAAE,KAAM,QAAS,WAAY,OAAQ,EACrC,GACA,CAAC,MAAM,CACT,EAEME,EAAM,MAAM,OAAO,OAAO,UAAU,MAAOD,CAAU,EAC3D,OAAOC,EAAI,EACXA,EAAI,QAAU,CAAC,QAAQ,EAEvB,IAAMC,EAAY,MAAM,OAAO,OAAO,UACpC,MACAD,EACA,CAAE,KAAM,QAAS,WAAY,OAAQ,EACrC,GACA,CAAC,QAAQ,CACX,EACA,MAAO,CAAE,WAAAD,EAAY,UAAAE,CAAU,CACjC,OACOC,EAAO,CACZ,MAAM,IAAIC,EAAU,mHAAoHD,CAAK,CAC/I,CACF,CAKO,SAASE,EAASC,EAA6B,CACpD,GAAIA,EAAI,SAAW,GACjB,MAAM,IAAI,MAAM,8BAA8B,EAEhD,IAAIC,EAAID,EAAI,MAAM,EAAG,EAAE,EACnBE,EAAIF,EAAI,MAAM,EAAE,EAEhBG,EAAU,EACd,KAAOA,EAAUF,EAAE,OAAS,GAAKA,EAAEE,CAAO,IAAM,GAAGA,IACnDF,EAAIA,EAAE,MAAME,CAAO,EAEnB,IAAIC,EAAU,EACd,KAAOA,EAAUF,EAAE,OAAS,GAAKA,EAAEE,CAAO,IAAM,GAAGA,IAGnD,GAFAF,EAAIA,EAAE,MAAME,CAAO,EAEfH,EAAE,OAAS,GAAKA,EAAE,CAAC,EAAK,IAAM,CAChC,IAAMI,EAAU,IAAI,WAAWJ,EAAE,OAAS,CAAC,EAC3CI,EAAQ,CAAC,EAAI,EACbA,EAAQ,IAAIJ,EAAG,CAAC,EAChBA,EAAII,CACN,CACA,GAAIH,EAAE,OAAS,GAAKA,EAAE,CAAC,EAAK,IAAM,CAChC,IAAMI,EAAU,IAAI,WAAWJ,EAAE,OAAS,CAAC,EAC3CI,EAAQ,CAAC,EAAI,EACbA,EAAQ,IAAIJ,EAAG,CAAC,EAChBA,EAAII,CACN,CAEA,IAAMC,EAAUN,EAAE,OACZO,EAAUN,EAAE,OACZO,EAAc,EAAIF,EAAU,EAAIC,EAEhCE,EAAM,IAAI,WAAW,EAAID,CAAW,EAC1C,OAAAC,EAAI,CAAC,EAAI,GACTA,EAAI,CAAC,EAAID,EACTC,EAAI,CAAC,EAAI,EACTA,EAAI,CAAC,EAAIH,EACTG,EAAI,IAAIT,EAAG,CAAC,EACZS,EAAI,EAAIH,CAAO,EAAI,EACnBG,EAAI,EAAIH,CAAO,EAAIC,EACnBE,EAAI,IAAIR,EAAG,EAAIK,CAAO,EAEfG,CACT,CNvEA,eAAsBC,EAAwCC,EAAYC,EAAuB,CAAC,EAAoB,CACpH,GAAI,CAAE,UAAAC,EAAY,QAAS,IAAAC,EAAK,IAAAC,EAAK,IAAAC,EAAK,IAAAC,EAAK,WAAAC,EAAY,OAAAC,CAAO,EAAIP,EAEtE,GAAIC,IAAc,SAChB,GAAI,CAACK,EAAY,CACf,GAAI,OAAOC,GAAW,SACpB,MAAM,IAAIC,EAAU,0EAA0E,GAE/F,CAAE,WAAAF,CAAW,EAAI,MAAMG,EAAqBF,CAAM,EACrD,UAEON,IAAc,SAAW,CAACM,EACjC,MAAM,IAAIC,EAAU,kCAAkC,EAGxD,IAAME,EAAM,KAAK,MAAM,KAAK,IAAI,EAAI,GAAI,EAElCC,EAAsC,CAAE,IAAKD,EAAK,IAAAP,EAAK,IAAAC,EAAK,IAAAC,EAAK,GAAGN,CAAQ,EAE9EG,GAAO,MAAQA,EAAM,IACvBS,EAAW,IAAMD,EAAMR,GAEzB,IAAMU,EAAUX,IAAc,QAGxBY,EAAa,KAAK,UAAU,CAAE,IAFJD,EAAU,QAAU,QAEX,IAAK,KAAM,CAAC,EAC/CE,EAAc,KAAK,UAAUH,CAAU,EAEvCI,EAAmBC,GAA0BH,EAAYC,CAAW,EA
EtEG,EAEJ,GAAIL,EAAS,CAEX,IAAMM,EAAc,OAAOX,GAAW,SAClC,IAAI,YAAY,EAAE,OAAOA,CAAM,EAC/BA,EAEEY,EAAY,MAAM,OAAO,OAAO,UACpC,MACAD,EACA,CAAE,KAAM,OAAQ,KAAM,SAAU,EAChC,GACA,CAAC,MAAM,CACT,EAEAD,EAAY,IAAI,WAAW,MAAM,OAAO,OAAO,KAAK,OAAQE,EAAWJ,CAAgC,CAAC,CAC1G,MAIEE,EAAY,IAAI,WACd,MAAM,OAAO,OAAO,KAClB,CAAE,KAAM,QAAS,KAAM,SAAU,EACjCX,EACAS,CACF,CACF,EAGF,OAAOK,GAAUP,EAAYC,EAAaG,CAAS,CACrD,CAWA,eAAsBI,EAAoCC,EAAetB,EAAoC,CAC3G,GAAI,CAAE,UAAAC,EAAY,QAAS,UAAAsB,EAAW,OAAAhB,EAAQ,IAAAJ,EAAK,IAAAC,CAAI,EAAIJ,EAE3D,GAAIC,IAAc,SACZ,CAACsB,EAAW,CACd,GAAI,OAAOhB,GAAW,SACpB,MAAM,IAAIC,EAAU,4EAA4E,GAEjG,CAAE,UAAAe,CAAU,EAAI,MAAMd,EAAqBF,CAAM,EACpD,CAGF,GAAIN,IAAc,SAAW,CAACM,EAC5B,MAAM,IAAIC,EAAU,uCAAuC,EAE7D,GAAM,CAACgB,EAAQzB,EAASkB,EAAWF,CAAgB,EAAIU,GAASH,CAAK,EAG/DI,EADe,IAAIC,GAAqBH,CAAM,EACrB,UAAU,EAErCI,EAAiB,GAGrB,GAAI3B,IAAc,QAAS,CACzB,GAAIyB,IAAc,QAChB,MAAM,IAAI,MAAM,qBAAqBA,CAAS,4CAA4C,EAE5F,IAAMR,EAAc,OAAOX,GAAW,SAClC,IAAI,YAAY,EAAE,OAAOA,CAAM,EAC/BA,EAEEY,EAAY,MAAM,OAAO,OAAO,UACpC,MACAD,EACA,CAAE,KAAM,OAAQ,KAAM,SAAU,EAChC,GACA,CAAC,MAAM,CACT,EAEMW,EAAc,IAAI,WAAW,MAAM,OAAO,OAAO,KAAK,OAAQV,EAAWJ,CAAgC,CAAC,EAChHa,EAAiBE,EAAkBD,EAAa,IAAI,WAAWZ,CAAS,CAAC,CAC3E,KAEK,CACH,GAAIS,IAAc,QAChB,MAAM,IAAIlB,EAAU,qBAAqBkB,CAAS,4CAA4C,EAEhG,IAAMK,EAAe,IAAI,WAAWd,CAAS,EAU7C,GAPAW,EAAiB,MAAM,OAAO,OAAO,OACnC,CAAE,KAAM,QAAS,KAAM,SAAU,EACjCL,EACAQ,EACAhB,CACF,EAEI,CAACa,EAAgB,CAEnB,IAAMI,EAASC,EAASF,CAAY,EACpCH,EAAiB,MAAM,OAAO,OAAO,OACnC,CAAE,KAAM,QAAS,KAAM,SAAU,EACjCL,EACAS,EACAjB,CACF,CACF,CACF,CAEA,GAAI,CAACa,EACH,MAAM,IAAIpB,EAAU,uBAAuB,EAE7C,IAAM0B,EAAS,IAAIC,GAAoBpC,CAAO,EAC9C,GAAImC,EAAO,cAAc,GAAK,CAACA,EAAO,iBAAiB,EACrD,MAAM,IAAI1B,EAAU,aAAa,EACnC,GAAI0B,EAAO,aAAa,GAAK,CAACA,EAAO,gBAAgB,EACnD,MAAM,IAAI1B,EAAU,mBAAmB,EACzC,GAAIL,GAAQJ,EAAgB,MAAQI,EAClC,MAAM,IAAIK,EAAU,oBAAoB,EAE1C,GAAIJ,EAAK,CACP,IAAMgC,EAAmB,MAAM,QAAQhC,CAAG,EAAIA,EAAM,CAACA,CAAG,EAClDiC,EAAiBtC,EAAgB,IAClC,MAAM,QAASA,EAAgB,GAAG,EAAKA,EAAgB,IAAM,CAAEA,EAAgB,GAAG,EACnF,CAAC,EAEL,GAAI,CAACqC,EAAiB,KAAKE,GAAYD,EAAc,SAASC,CAA
Q,CAAC,EACrE,MAAM,IAAI9B,EAAU,sBAAsB,CAC9C,CAEA,OAAOT,CACT","names":["createJWTSignatureMessage","encodeJWT","JWSRegisteredHeaders","JWTRegisteredClaims","parseJWT","parse","serialize","DEFAULT_COOKIE_SERIALIZE_OPTIONS","parseCookies","cookieHeader","cookies","parsed","name","Cookies","requestCookies","defaultOptions","#new","value","options","combinedOptions","headers","CSRF_COOKIE_NAME","SESSION_COOKIE_NAME","PKCE_COOKIE_NAME","CALLBACK_URI_COOKIE_NAME","CSRF_MAX_AGE","createAuth","adapter","providers","basePath","jwtConfig","cookieConfig","trustHosts","autoLink","algorithm","secret","iss","aud","defaultTTL","cookieOptions","DEFAULT_COOKIE_SERIALIZE_OPTIONS","providerMap","p","buildSignOptions","custom","base","esSecret","AuthError","buildVerifyOptions","signJWT","payload","customOptions","sign","verifyJWT","token","verify","createSession","userId","data","ttl","validateSession","user","generateCodeVerifier","generateState","createOAuthUris","state","codeVerifier","handleSignIn","request","auth","providerId","provider","json","originalState","codeVerifier","createOAuthUris","url","redirectTo","state","callbackUri","authUrl","requestCookies","parseCookies","cookies","Cookies","CSRF_COOKIE_NAME","CSRF_MAX_AGE","PKCE_COOKIE_NAME","CALLBACK_URI_COOKIE_NAME","response","value","key","redirect","handleCallback","code","savedState","originalSavedState","encodedRedirect","csrfToken","providerUser","tokens","userFromAccount","user","autoLink","existingUser","error","refreshToken","expiresAt","expiresAtDate","idToken","sessionToken","requestUrl","redirectUrl","isDesktopRedirect","isMobileRedirect","destination","html","SESSION_COOKIE_NAME","redirectParam","handleSession","rawCookieHeader","authHeader","sessionData","handleSignOut","createHandler","providerMap","basePath","applyCors","origin","verifyRequestOrigin","parts","action","trustHosts","originHost","requestHost","requestOrigin","AuthError","message","cause","json","data","init","headers","redirect","url","status","co
nstantTimeEqual","a","b","diff","len","i","base64UrlToArray","base64Url","base64","padLength","padded","binary_string","bytes","deriveKeysFromSecret","secret","secretBytes","privateKey","jwk","publicKey","error","AuthError","rawToDer","raw","r","s","rOffset","sOffset","rPadded","sPadded","rLength","sLength","totalLength","der","sign","payload","options","algorithm","ttl","iss","aud","sub","privateKey","secret","AuthError","deriveKeysFromSecret","now","jwtPayload","isHS256","headerJSON","payloadJSON","signatureMessage","createJWTSignatureMessage","signature","secretBytes","cryptoKey","encodeJWT","verify","token","publicKey","header","parseJWT","headerAlg","JWSRegisteredHeaders","validSignature","expectedSig","constantTimeEqual","rawSignature","derSig","rawToDer","claims","JWTRegisteredClaims","expectedAudience","tokenAudience","audValue"]}
@@ -1,2 +0,0 @@
1
- import{k as t}from"./chunk-JXRUYABI.js";function o(r){return t({...r,trustHosts:"all"})}export{o as a};
2
- //# sourceMappingURL=chunk-OMD2JMMI.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../runtimes/cloudflare/index.ts"],"sourcesContent":["import type { CreateAuthOptions } from '../../core'\r\nimport { createAuth } from '../../core'\r\n\r\n/**\r\n * Creates an auth instance configured for Cloudflare Workers,\r\n * automatically trusting all hosts since Workers handle proxies securely.\r\n */\r\nexport function cloudflareAuth(options: CreateAuthOptions) {\r\n return createAuth({\r\n ...options,\r\n trustHosts: 'all',\r\n })\r\n}\r\n"],"mappings":"wCAOO,SAASA,EAAeC,EAA4B,CACzD,OAAOC,EAAW,CAChB,GAAGD,EACH,WAAY,KACd,CAAC,CACH","names":["cloudflareAuth","options","createAuth"]}
@@ -1,7 +0,0 @@
1
- import type { CreateAuthOptions } from '../../core';
2
- /**
3
- * Creates an auth instance configured for Cloudflare Workers,
4
- * automatically trusting all hosts since Workers handle proxies securely.
5
- */
6
- export declare function cloudflareAuth(options: CreateAuthOptions): import("../..").Auth;
7
- //# sourceMappingURL=index.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../runtimes/cloudflare/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAGnD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,iBAAiB,wBAKxD"}
@@ -1,2 +0,0 @@
1
- import{a}from"../../chunk-OMD2JMMI.js";import"../../chunk-JXRUYABI.js";export{a as cloudflareAuth};
2
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}