@rttnd/gau 0.3.4 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-OCVUPYHU.js +1 -0
- package/dist/chunk-OCVUPYHU.js.map +1 -0
- package/dist/src/client/solid/index.jsx +1 -1
- package/dist/src/client/svelte/index.svelte.js +1 -1
- package/dist/src/client/svelte/index.svelte.js.map +1 -1
- package/dist/src/runtimes/index.js +1 -1
- package/dist/src/runtimes/tauri/index.d.ts.map +1 -1
- package/dist/src/runtimes/tauri/index.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-LEYZAXTW.js +0 -1
- package/dist/chunk-LEYZAXTW.js.map +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{BROWSER as n}from"esm-env";import{BROWSER as o}from"esm-env";var t=n&&"__TAURI_INTERNALS__"in globalThis;async function a(n,o,a="gau",i){if(!t)return;const{platform:e}=await import("@tauri-apps/plugin-os"),{open:r}=await import("@tauri-apps/plugin-shell"),s=e();let c;c=i||("android"===s||"ios"===s?new URL(o).origin:`${a}://oauth/callback`);const p=`${o}/${n}?redirectTo=${encodeURIComponent(c)}`;await r(p)}async function i(n){if(!t)return;const{listen:o}=await import("@tauri-apps/api/event");try{return await o("deep-link",async o=>{await n(o.payload)})}catch(n){console.error(n)}}function e(n,o,t,a){const i=new URL(n);if(i.protocol!==`${t}:`&&i.origin!==new URL(o).origin)return;const e=new URLSearchParams(i.hash.substring(1)).get("token");e&&a(e)}async function r(n,a,i="gau",e){if(!t)return;const{platform:r}=await import("@tauri-apps/plugin-os"),{open:s}=await import("@tauri-apps/plugin-shell"),c=r();let p;p=e||("android"===c||"ios"===c?new URL(a).origin:`${i}://oauth/callback`);const l=o?localStorage.getItem("gau-token"):null;if(!l)return void console.error("No session token found, cannot link account.");const u=`${a}/link/${n}${`?redirectTo=${encodeURIComponent(p)}&token=${encodeURIComponent(l)}`}`;await s(u)}export{t as isTauri,a as signInWithTauri,i as setupTauriListener,e as handleTauriDeepLink,r as linkAccountWithTauri};//# sourceMappingURL=chunk-OCVUPYHU.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/runtimes/tauri/index.ts","../src/client/token.ts"],"sourcesContent":["import { BROWSER } from 'esm-env'\nimport { getSessionToken } from '../../client/token'\n\nexport const isTauri = BROWSER && '__TAURI_INTERNALS__' in (globalThis as any)\n\nexport async function signInWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform() // platform is NO LONGER an async function\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const authUrl = `${baseUrl}/${provider}?redirectTo=${encodeURIComponent(redirectTo)}`\n await open(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri)\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n return\n\n const params = new URLSearchParams(parsed.hash.substring(1))\n const token = params.get('token')\n if (token)\n onToken(token)\n}\n\nexport async function linkAccountWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform()\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const query = `?redirectTo=${encodeURIComponent(redirectTo)}&token=${encodeURIComponent(token)}`\n const linkUrl = `${baseUrl}/link/${provider}${query}`\n await open(linkUrl)\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n"],"mappings":";AAAA,SAAS,WAAAA,gBAAe;;;ACAxB,SAAS,eAAe;AAYjB,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;;;ADbO,IAAM,UAAUC,YAAW,yBAA0B;AAE5D,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,UAAU,GAAG,OAAO,IAAI,QAAQ,eAAe,mBAAmB,UAAU,CAAC;AACnF,QAAM,KAAK,OAAO;AACpB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEO,SAAS,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AAClH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,GAAG,MAAM,OAAO,OAAO,WAAW,IAAI,IAAI,OAAO,EAAE;AACzE;AAEF,QAAM,SAAS,IAAI,gBAAgB,OAAO,KAAK,UAAU,CAAC,CAAC;AAC3D,QAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,MAAI;AACF,YAAQ,KAAK;AACjB;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,QAAQ,eAAe,mBAAmB,UAAU,CAAC,UAAU,mBAAmB,KAAK,CAAC;AAC9F,QAAM,UAAU,GAAG,OAAO,SAAS,QAAQ,GAAG,KAAK;AACnD,QAAM,KAAK,OAAO;AACpB;","names":["BROWSER","BROWSER"]}
|
|
@@ -55,7 +55,7 @@ function clearSessionToken() {
|
|
|
55
55
|
}
|
|
56
56
|
|
|
57
57
|
// src/runtimes/tauri/index.ts
|
|
58
|
-
var isTauri = BROWSER2 && "__TAURI_INTERNALS__" in
|
|
58
|
+
var isTauri = BROWSER2 && "__TAURI_INTERNALS__" in globalThis;
|
|
59
59
|
async function signInWithTauri(provider, baseUrl, scheme = "gau", redirectOverride) {
|
|
60
60
|
if (!isTauri)
|
|
61
61
|
return;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{BROWSER as t}from"esm-env";import{getContext as o,setContext as n}from"svelte";import{parse as e,serialize as i}from"cookie";import{createJWTSignatureMessage as a,encodeJWT as r,JWSRegisteredHeaders as c,JWTRegisteredClaims as s,parseJWT as
|
|
1
|
+
import{BROWSER as t}from"esm-env";import{getContext as o,setContext as n}from"svelte";import{parse as e,serialize as i}from"cookie";import{createJWTSignatureMessage as a,encodeJWT as r,JWSRegisteredHeaders as c,JWTRegisteredClaims as s,parseJWT as l}from"@oslojs/jwt";import{generateCodeVerifier as u,generateState as d}from"arctic";var p={user:null,session:null,accounts:null};import{BROWSER as w}from"esm-env";import{BROWSER as h}from"esm-env";function f(t){if(h)try{localStorage.setItem("gau-token",t),document.cookie=`__gau-session-token=${t}; path=/; max-age=31536000; samesite=lax; secure`}catch{}}function m(){return h?localStorage.getItem("gau-token"):null}var g=w&&"__TAURI_INTERNALS__"in globalThis;var k=Symbol("gau-auth");function y({baseUrl:o="/api/auth",scheme:e="gau",redirectTo:i}={}){let a=$state({...p,providers:[]});async function r(){if(!t)return void(a={...p,providers:[]});const n=m(),e=n?{Authorization:`Bearer ${n}`}:void 0,i=await fetch(`${o}/session`,n?{headers:e}:{credentials:"include"}),r=i.headers.get("content-type");a=r?.includes("application/json")?await i.json():{...p,providers:[]}}if(t){const t=new URL(window.location.href).hash.substring(1),o=new URLSearchParams(t).get("token");o?(f(o),(async()=>{try{const{replaceState:t}=await import("$app/navigation");await t(window.location.pathname+window.location.search,{})}catch{window.history.replaceState(null,"",window.location.pathname+window.location.search)}await r()})()):r()}$effect(()=>{if(!t||!g)return;let n,i=!1;return async function(t){if(!g)return;const{listen:o}=await import("@tauri-apps/api/event");try{return await o("deep-link",async o=>{await t(o.payload)})}catch(t){console.error(t)}}(async t=>{!function(t,o,n,e){const i=new URL(t);if(i.protocol!==`${n}:`&&i.origin!==new URL(o).origin)return;const a=new URLSearchParams(i.hash.substring(1)).get("token");a&&e(a)}(t,o,e,async t=>{f(t),await r()})}).then(t=>{i?t?.():n=t}),()=>{i=!0,n?.()}});const c={get session(){return a},signIn:async function(n,{redirectTo:a}={}){let r=a??i;if(g)await async function(t,o,n="gau",e){if(!g)return;const{platform:i}=await import("@tauri-apps/plugin-os"),{open:a}=await import("@tauri-apps/plugin-shell"),r=i();let c;c=e||("android"===r||"ios"===r?new URL(o).origin:`${n}://oauth/callback`);const s=`${o}/${t}?redirectTo=${encodeURIComponent(c)}`;await a(s)}(n,o,e,r);else{!r&&t&&(r=window.location.origin);const e=r?`?redirectTo=${encodeURIComponent(r)}`:"";window.location.href=`${o}/${n}${e}`}},linkAccount:async function(n,{redirectTo:a}={}){if(g)return void await async function(t,o,n="gau",e){if(!g)return;const{platform:i}=await import("@tauri-apps/plugin-os"),{open:a}=await import("@tauri-apps/plugin-shell"),r=i();let c;c=e||("android"===r||"ios"===r?new URL(o).origin:`${n}://oauth/callback`);const s=m();if(!s)return void console.error("No session token found, cannot link account.");const l=`${o}/link/${t}?redirectTo=${encodeURIComponent(c)}&token=${encodeURIComponent(s)}`;await a(l)}(n,o,e,a);let r=a??i;!r&&t&&(r=window.location.href);const c=r?`?redirectTo=${encodeURIComponent(r)}`:"",s=`${o}/link/${n}${c}${c?"&":"?"}redirect=false`,l=m(),u=l?{headers:{Authorization:`Bearer ${l}`}}:{credentials:"include"},d=await fetch(s,u);if(d.redirected)window.location.href=d.url;else try{const t=await d.json();t.url&&(window.location.href=t.url)}catch(t){console.error("Failed to parse response from link endpoint",t)}},unlinkAccount:async function(t){const n=m(),e=n?{headers:{Authorization:`Bearer ${n}`}}:{credentials:"include"},i=await fetch(`${o}/unlink/${t}`,{method:"POST",...e});i.ok?await r():console.error("Failed to unlink account",await i.json())},signOut:async function(){!function(){if(h)try{localStorage.removeItem("gau-token"),document.cookie="__gau-session-token=; path=/; max-age=0"}catch{}}();const t=m(),n=t?{Authorization:`Bearer ${t}`}:void 0;await fetch(`${o}/signout`,t?{method:"POST",headers:n}:{method:"POST",credentials:"include"}),await r()}};n(k,c)}function v(){const t=o(k);if(!t)throw new Error("useAuth must be used within an AuthProvider");return t}export{y as createSvelteAuth,v as useAuth};//# sourceMappingURL=index.svelte.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/client/svelte/index.svelte.ts","../../../../src/core/cookies.ts","../../../../src/jwt/jwt.ts","../../../../src/oauth/utils.ts","../../../../src/core/index.ts","../../../../src/runtimes/tauri/index.ts","../../../../src/client/token.ts"],"sourcesContent":["import type { GauSession, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { getContext, setContext } from 'svelte'\nimport { NULL_SESSION } from '../../core'\nimport { handleTauriDeepLink, isTauri, linkAccountWithTauri, setupTauriListener, signInWithTauri } from '../../runtimes/tauri'\nimport { clearSessionToken, getSessionToken, storeSessionToken } from '../token'\n\ninterface AuthContextValue<TAuth = unknown> {\n session: GauSession<ProviderIds<TAuth>>\n signIn: (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>\n linkAccount: (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>\n unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>\n signOut: () => Promise<void>\n}\n\nconst AUTH_CONTEXT_KEY = Symbol('gau-auth')\n\nexport function createSvelteAuth<const TAuth = unknown>({\n baseUrl = '/api/auth',\n scheme = 'gau',\n redirectTo: defaultRedirectTo,\n}: {\n baseUrl?: string\n scheme?: string\n redirectTo?: string\n} = {}) {\n type CurrentSession = GauSession<ProviderIds<TAuth>>\n let session = $state<CurrentSession>({ ...NULL_SESSION, providers: [] })\n\n async function fetchSession() {\n if (!BROWSER) {\n session = { ...NULL_SESSION, providers: [] }\n return\n }\n\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? { headers } : { credentials: 'include' })\n\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json')) {\n session = await res.json()\n }\n else {\n session = {\n ...NULL_SESSION,\n providers: [] as ProviderIds<TAuth>[],\n }\n }\n }\n\n async function signIn(provider: ProviderIds<TAuth>, { redirectTo }: { redirectTo?: string } = {}) {\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (isTauri) {\n await signInWithTauri(provider as string, baseUrl, scheme, finalRedirectTo)\n }\n else {\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.origin\n\n const query = finalRedirectTo ? `?redirectTo=${encodeURIComponent(finalRedirectTo)}` : ''\n window.location.href = `${baseUrl}/${provider as string}${query}`\n }\n }\n\n async function linkAccount(provider: ProviderIds<TAuth>, { redirectTo }: { redirectTo?: string } = {}) {\n if (isTauri) {\n await linkAccountWithTauri(provider as string, baseUrl, scheme, redirectTo)\n return\n }\n\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.href\n\n const query = finalRedirectTo ? `?redirectTo=${encodeURIComponent(finalRedirectTo)}` : ''\n const linkUrl = `${baseUrl}/link/${provider as string}${query}${query ? '&' : '?'}redirect=false`\n\n const token = getSessionToken()\n\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(linkUrl, fetchOptions)\n if (res.redirected) {\n window.location.href = res.url\n }\n else {\n try {\n const data = await res.json()\n if (data.url)\n window.location.href = data.url\n }\n catch (e) {\n console.error('Failed to parse response from link endpoint', e)\n }\n }\n }\n\n async function unlinkAccount(provider: ProviderIds<TAuth>) {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(`${baseUrl}/unlink/${provider as string}`, {\n method: 'POST',\n ...fetchOptions,\n })\n\n if (res.ok)\n await fetchSession()\n else\n console.error('Failed to unlink account', await res.json())\n }\n\n async function signOut() {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await fetchSession()\n }\n\n if (BROWSER) {\n const hash = new URL(window.location.href).hash.substring(1)\n const params = new URLSearchParams(hash)\n const tokenFromUrl = params.get('token')\n\n if (tokenFromUrl) {\n storeSessionToken(tokenFromUrl)\n void (async () => {\n try {\n // @ts-expect-error - SvelteKit-only\n const { replaceState } = await import('$app/navigation')\n await replaceState(window.location.pathname + window.location.search, {})\n }\n catch {\n window.history.replaceState(null, '', window.location.pathname + window.location.search)\n }\n await fetchSession()\n })()\n }\n else {\n fetchSession()\n }\n }\n\n $effect(() => {\n if (!BROWSER || !isTauri)\n return\n\n let cleanup: (() => void) | void\n let disposed = false\n\n setupTauriListener(async (url) => {\n handleTauriDeepLink(url, baseUrl, scheme, async (token) => {\n storeSessionToken(token)\n await fetchSession()\n })\n }).then((unlisten) => {\n if (disposed)\n unlisten?.()\n else\n cleanup = unlisten\n })\n\n return () => {\n disposed = true\n cleanup?.()\n }\n })\n\n const contextValue: AuthContextValue<TAuth> = {\n get session() {\n return session\n },\n signIn: signIn as (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>,\n linkAccount: linkAccount as (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>,\n unlinkAccount: unlinkAccount as (provider: ProviderIds<TAuth>) => Promise<void>,\n signOut,\n }\n\n setContext(AUTH_CONTEXT_KEY, contextValue)\n}\n\nexport function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth> {\n const context = getContext<AuthContextValue<TAuth>>(AUTH_CONTEXT_KEY)\n if (!context)\n throw new Error('useAuth must be used within an AuthProvider')\n\n return context\n}\n","import type { SerializeOptions } from 'cookie'\nimport { parse, serialize } from 'cookie'\n\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = {\n path: '/',\n sameSite: 'lax',\n secure: true,\n httpOnly: true,\n}\n\nexport type Cookie = [string, string, SerializeOptions]\n\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\n const cookies = new Map<string, string>()\n if (cookieHeader) {\n const parsed = parse(cookieHeader)\n for (const name in parsed)\n cookies.set(name, parsed[name]!)\n }\n return cookies\n}\n\nexport class Cookies {\n #new: Cookie[] = []\n\n constructor(\n private readonly requestCookies: Map<string, string>,\n private readonly defaultOptions: SerializeOptions,\n ) {}\n\n get(name: string): string | undefined {\n return this.requestCookies.get(name)\n }\n\n set(name: string, value: string, options?: SerializeOptions): void {\n const combinedOptions = { ...this.defaultOptions, ...options }\n this.#new.push([name, value, combinedOptions])\n }\n\n delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\n this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\n }\n\n toHeaders(): Headers {\n const headers = new Headers()\n for (const [name, value, options] of this.#new)\n headers.append('Set-Cookie', serialize(name, value, options))\n\n return headers\n }\n}\n\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\nexport const SESSION_STRATEGY_COOKIE_NAME = '__gau-session-strategy'\nexport const LINKING_TOKEN_COOKIE_NAME = '__gau-linking-token'\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\n\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\n","/// <reference types=\"node\" />\nimport {\n createJWTSignatureMessage,\n encodeJWT,\n JWSRegisteredHeaders,\n JWTRegisteredClaims,\n parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n /** Time-to-live in seconds (exp claim). If omitted the token will not expire. */\n ttl?: number\n}\n\nexport type SignOptions\n = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n if (algorithm === 'ES256') {\n if (!privateKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n ({ privateKey } = await deriveKeysFromSecret(secret))\n }\n }\n else if (algorithm === 'HS256' && !secret) {\n throw new AuthError('Missing secret for HS256 signing')\n }\n\n const now = Math.floor(Date.now() / 1000)\n\n const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n if (ttl != null && ttl > 0)\n jwtPayload.exp = now + ttl\n\n const isHS256 = algorithm === 'HS256'\n const alg: SupportedAlgorithm = isHS256 ? 'HS256' : 'ES256'\n\n const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n const payloadJSON = JSON.stringify(jwtPayload)\n\n const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n let signature: Uint8Array\n\n if (isHS256) {\n // HS256 (HMAC-SHA256)\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n }\n else {\n // ES256 (ECDSA-SHA256)\n // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n signature = new Uint8Array(\n await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey!,\n signatureMessage as BufferSource,\n ),\n )\n }\n\n return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n if (algorithm === 'ES256') {\n if (!publicKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 verification. Must be a base64url-encoded string.');\n\n ({ publicKey } = await deriveKeysFromSecret(secret))\n }\n }\n\n if (algorithm === 'HS256' && !secret)\n throw new AuthError('Missing secret for HS256 verification')\n\n const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n const headerParams = new JWSRegisteredHeaders(header)\n const headerAlg = headerParams.algorithm()\n\n let validSignature = false\n\n // HS256 verification path\n if (algorithm === 'HS256') {\n if (headerAlg !== 'HS256')\n throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n }\n // ES256 verification path (default)\n else {\n if (headerAlg !== 'ES256')\n throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n const signatureBytes = new Uint8Array(signature)\n\n // Runtimes like Node.js return DER-encoded signatures. Others (Bun) return raw (r||s).\n // We try DER first, as it's more common in Node environments.\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n signatureBytes as BufferSource,\n signatureMessage as BufferSource,\n )\n\n if (!validSignature && signatureBytes.length === 64) {\n // If DER verification fails and the signature is 64 bytes, it might be a raw signature.\n // Convert it to DER and try again.\n try {\n const derSig = rawToDer(signatureBytes)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n derSig as BufferSource,\n signatureMessage as BufferSource,\n )\n }\n catch {\n // rawToDer can throw if the signature is not 64 bytes, but we already checked.\n // This catch is for other unexpected errors.\n validSignature = false\n }\n }\n }\n\n if (!validSignature)\n throw new AuthError('Invalid JWT signature')\n\n const claims = new JWTRegisteredClaims(payload)\n if (claims.hasExpiration() && !claims.verifyExpiration())\n throw new AuthError('JWT expired')\n if (claims.hasNotBefore() && !claims.verifyNotBefore())\n throw new AuthError('JWT not yet valid')\n if (iss && (payload as any).iss !== iss)\n throw new AuthError('Invalid JWT issuer')\n\n if (aud) {\n const expectedAudience = Array.isArray(aud) ? aud : [aud]\n const tokenAudience = (payload as any).aud\n ? (Array.isArray((payload as any).aud) ? (payload as any).aud : [(payload as any).aud])\n : []\n\n if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n throw new AuthError('Invalid JWT audience')\n }\n\n return payload as T\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\n\nexport function createOAuthUris() {\n const state = generateState()\n const codeVerifier = generateCodeVerifier()\n\n return {\n state,\n codeVerifier,\n }\n}\n","export interface RequestLike {\n /** Absolute or relative URL */\n readonly url: string\n /** Upper-case HTTP method (e.g. `GET`) */\n readonly method: string\n /** All HTTP headers – mutable so adapters can append */\n readonly headers: Headers\n /** Lazily parse the body as JSON */\n json: <T = unknown>() => Promise<T>\n /** Raw text body */\n text: () => Promise<string>\n /** FormData helper (for `application/x-www-form-urlencoded` or `multipart/form-data`) */\n formData: () => Promise<FormData>\n}\n\nexport interface ResponseLike {\n readonly status: number\n readonly headers: Headers\n readonly body?: BodyInit | null\n json: <T = unknown>() => Promise<T>\n text: () => Promise<string>\n}\n\nexport interface User {\n id: string\n name?: string | null\n email?: string | null\n emailVerified?: boolean | null\n image?: string | null\n}\n\nexport interface Session {\n id: string\n sub: string\n [key: string]: unknown\n}\n\nexport interface GauSession<TProviders extends string = string> {\n user: User | null\n session: Session | null\n accounts?: Account[] | null\n providers?: TProviders[]\n}\n\nexport const NULL_SESSION = {\n user: null,\n session: null,\n accounts: null,\n} as const\n\nexport interface NewUser extends Omit<User, 'id' | 'accounts'> {\n id?: string\n}\n\nexport interface Account {\n userId: string\n provider: string\n providerAccountId: string\n type?: string // e.g. \"oauth\"\n accessToken?: string | null\n refreshToken?: string | null\n expiresAt?: number | null // epoch seconds\n idToken?: string | null\n scope?: string | null\n tokenType?: string | null\n sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n getUser: (id: string) => Promise<User | null>\n getUserByEmail: (email: string) => Promise<User | null>\n getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n getAccounts: (userId: string) => Promise<Account[]>\n getUserAndAccounts: (userId: string) => Promise<{ user: User, accounts: Account[] } | null>\n createUser: (data: NewUser) => Promise<User>\n linkAccount: (data: NewAccount) => Promise<void>\n unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>\n updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n deleteUser: (id: string) => Promise<void>\n}\n\nexport class AuthError extends Error {\n override readonly cause?: unknown\n constructor(message: string, cause?: unknown) {\n super(message)\n this.name = 'AuthError'\n this.cause = cause\n }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n const headers = new Headers(init.headers)\n if (!headers.has('Content-Type'))\n headers.set('Content-Type', 'application/json; charset=utf-8')\n return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n return new Response(null, {\n status,\n headers: {\n Location: url,\n },\n })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\n","import { BROWSER } from 'esm-env'\nimport { getSessionToken } from '../../client/token'\n\nexport const isTauri = BROWSER && '__TAURI_INTERNALS__' in window\n\nexport async function signInWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform() // platform is NO LONGER an async function\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const authUrl = `${baseUrl}/${provider}?redirectTo=${encodeURIComponent(redirectTo)}`\n await open(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri)\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n return\n\n const params = new URLSearchParams(parsed.hash.substring(1))\n const token = params.get('token')\n if (token)\n onToken(token)\n}\n\nexport async function linkAccountWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform()\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const query = `?redirectTo=${encodeURIComponent(redirectTo)}&token=${encodeURIComponent(token)}`\n const linkUrl = `${baseUrl}/link/${provider}${query}`\n await open(linkUrl)\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n"],"mappings":";AACA,SAAS,WAAAA,gBAAe;AACxB,SAAS,YAAY,kBAAkB;;;ACDvC,SAAS,OAAO,iBAAiB;AA0D1B,IAAM,eAAe,KAAK;;;AC1DjC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACPP,SAAS,sBAAsB,qBAAqB;;;AC4C7C,IAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AACZ;;;AChDA,SAAS,WAAAC,gBAAe;;;ACAxB,SAAS,eAAe;AAEjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AACvC,aAAS,SAAS,uBAAuB,KAAK;AAAA,EAChD,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,WAAW;AACnC,aAAS,SAAS;AAAA,EACpB,QACM;AAAA,EAAC;AACT;;;ADvBO,IAAM,UAAUC,YAAW,yBAAyB;AAE3D,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,UAAU,GAAG,OAAO,IAAI,QAAQ,eAAe,mBAAmB,UAAU,CAAC;AACnF,QAAM,KAAK,OAAO;AACpB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEO,SAAS,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AAClH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,GAAG,MAAM,OAAO,OAAO,WAAW,IAAI,IAAI,OAAO,EAAE;AACzE;AAEF,QAAM,SAAS,IAAI,gBAAgB,OAAO,KAAK,UAAU,CAAC,CAAC;AAC3D,QAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,MAAI;AACF,YAAQ,KAAK;AACjB;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,QAAQ,eAAe,mBAAmB,UAAU,CAAC,UAAU,mBAAmB,KAAK,CAAC;AAC9F,QAAM,UAAU,GAAG,OAAO,SAAS,QAAQ,GAAG,KAAK;AACnD,QAAM,KAAK,OAAO;AACpB;;;AL5EA,IAAM,mBAAmB,OAAO,UAAU;AAEnC,SAAS,iBAAwC;AAAA,EACtD,UAAU;AAAA,EACV,SAAS;AAAA,EACT,YAAY;AACd,IAII,CAAC,GAAG;AAEN,MAAI,UAAU,OAAuB,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE,CAAC;AAEvE,iBAAe,eAAe;AAC5B,QAAI,CAACC,UAAS;AACZ,gBAAU,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE;AAC3C;AAAA,IACF;AAEA,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAE9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB,GAAG;AAC7C,gBAAU,MAAM,IAAI,KAAK;AAAA,IAC3B,OACK;AACH,gBAAU;AAAA,QACR,GAAG;AAAA,QACH,WAAW,CAAC;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAO,UAA8B,EAAE,WAAW,IAA6B,CAAC,GAAG;AAChG,QAAI,kBAAkB,cAAc;AACpC,QAAI,SAAS;AACX,YAAM,gBAAgB,UAAoB,SAAS,QAAQ,eAAe;AAAA,IAC5E,OACK;AACH,UAAI,CAAC,mBAAmBA;AACtB,0BAAkB,OAAO,SAAS;AAEpC,YAAM,QAAQ,kBAAkB,eAAe,mBAAmB,eAAe,CAAC,KAAK;AACvF,aAAO,SAAS,OAAO,GAAG,OAAO,IAAI,QAAkB,GAAG,KAAK;AAAA,IACjE;AAAA,EACF;AAEA,iBAAe,YAAY,UAA8B,EAAE,WAAW,IAA6B,CAAC,GAAG;AACrG,QAAI,SAAS;AACX,YAAM,qBAAqB,UAAoB,SAAS,QAAQ,UAAU;AAC1E;AAAA,IACF;AAEA,QAAI,kBAAkB,cAAc;AACpC,QAAI,CAAC,mBAAmBA;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,QAAQ,kBAAkB,eAAe,mBAAmB,eAAe,CAAC,KAAK;AACvF,UAAM,UAAU,GAAG,OAAO,SAAS,QAAkB,GAAG,KAAK,GAAG,QAAQ,MAAM,GAAG;AAEjF,UAAM,QAAQ,gBAAgB;AAE9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,SAAS,YAAY;AAC7C,QAAI,IAAI,YAAY;AAClB,aAAO,SAAS,OAAO,IAAI;AAAA,IAC7B,OACK;AACH,UAAI;AACF,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,iBAAO,SAAS,OAAO,KAAK;AAAA,MAChC,SACO,GAAG;AACR,gBAAQ,MAAM,+CAA+C,CAAC;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,cAAc,UAA8B;AACzD,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAkB,IAAI;AAAA,MACjE,QAAQ;AAAA,MACR,GAAG;AAAA,IACL,CAAC;AAED,QAAI,IAAI;AACN,YAAM,aAAa;AAAA;AAEnB,cAAQ,MAAM,4BAA4B,MAAM,IAAI,KAAK,CAAC;AAAA,EAC9D;AAEA,iBAAe,UAAU;AACvB,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,aAAa;AAAA,EACrB;AAEA,MAAIA,UAAS;AACX,UAAM,OAAO,IAAI,IAAI,OAAO,SAAS,IAAI,EAAE,KAAK,UAAU,CAAC;AAC3D,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,eAAe,OAAO,IAAI,OAAO;AAEvC,QAAI,cAAc;AAChB,wBAAkB,YAAY;AAC9B,YAAM,YAAY;AAChB,YAAI;AAEF,gBAAM,EAAE,aAAa,IAAI,MAAM,OAAO,iBAAiB;AACvD,gBAAM,aAAa,OAAO,SAAS,WAAW,OAAO,SAAS,QAAQ,CAAC,CAAC;AAAA,QAC1E,QACM;AACJ,iBAAO,QAAQ,aAAa,MAAM,IAAI,OAAO,SAAS,WAAW,OAAO,SAAS,MAAM;AAAA,QACzF;AACA,cAAM,aAAa;AAAA,MACrB,GAAG;AAAA,IACL,OACK;AACH,mBAAa;AAAA,IACf;AAAA,EACF;AAEA,UAAQ,MAAM;AACZ,QAAI,CAACA,YAAW,CAAC;AACf;AAEF,QAAI;AACJ,QAAI,WAAW;AAEf,uBAAmB,OAAO,QAAQ;AAChC,0BAAoB,KAAK,SAAS,QAAQ,OAAO,UAAU;AACzD,0BAAkB,KAAK;AACvB,cAAM,aAAa;AAAA,MACrB,CAAC;AAAA,IACH,CAAC,EAAE,KAAK,CAAC,aAAa;AACpB,UAAI;AACF,mBAAW;AAAA;AAEX,kBAAU;AAAA,IACd,CAAC;AAED,WAAO,MAAM;AACX,iBAAW;AACX,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,eAAwC;AAAA,IAC5C,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,kBAAkB,YAAY;AAC3C;AAEO,SAAS,UAA0D;AACxE,QAAM,UAAU,WAAoC,gBAAgB;AACpE,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,6CAA6C;AAE/D,SAAO;AACT;","names":["BROWSER","BROWSER","BROWSER","BROWSER"]}
|
|
1
|
+
{"version":3,"sources":["../../../../src/client/svelte/index.svelte.ts","../../../../src/core/cookies.ts","../../../../src/jwt/jwt.ts","../../../../src/oauth/utils.ts","../../../../src/core/index.ts","../../../../src/runtimes/tauri/index.ts","../../../../src/client/token.ts"],"sourcesContent":["import type { GauSession, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { getContext, setContext } from 'svelte'\nimport { NULL_SESSION } from '../../core'\nimport { handleTauriDeepLink, isTauri, linkAccountWithTauri, setupTauriListener, signInWithTauri } from '../../runtimes/tauri'\nimport { clearSessionToken, getSessionToken, storeSessionToken } from '../token'\n\ninterface AuthContextValue<TAuth = unknown> {\n session: GauSession<ProviderIds<TAuth>>\n signIn: (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>\n linkAccount: (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>\n unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>\n signOut: () => Promise<void>\n}\n\nconst AUTH_CONTEXT_KEY = Symbol('gau-auth')\n\nexport function createSvelteAuth<const TAuth = unknown>({\n baseUrl = '/api/auth',\n scheme = 'gau',\n redirectTo: defaultRedirectTo,\n}: {\n baseUrl?: string\n scheme?: string\n redirectTo?: string\n} = {}) {\n type CurrentSession = GauSession<ProviderIds<TAuth>>\n let session = $state<CurrentSession>({ ...NULL_SESSION, providers: [] })\n\n async function fetchSession() {\n if (!BROWSER) {\n session = { ...NULL_SESSION, providers: [] }\n return\n }\n\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? { headers } : { credentials: 'include' })\n\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json')) {\n session = await res.json()\n }\n else {\n session = {\n ...NULL_SESSION,\n providers: [] as ProviderIds<TAuth>[],\n }\n }\n }\n\n async function signIn(provider: ProviderIds<TAuth>, { redirectTo }: { redirectTo?: string } = {}) {\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (isTauri) {\n await signInWithTauri(provider as string, baseUrl, scheme, finalRedirectTo)\n }\n else {\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.origin\n\n const query = finalRedirectTo ? `?redirectTo=${encodeURIComponent(finalRedirectTo)}` : ''\n window.location.href = `${baseUrl}/${provider as string}${query}`\n }\n }\n\n async function linkAccount(provider: ProviderIds<TAuth>, { redirectTo }: { redirectTo?: string } = {}) {\n if (isTauri) {\n await linkAccountWithTauri(provider as string, baseUrl, scheme, redirectTo)\n return\n }\n\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.href\n\n const query = finalRedirectTo ? `?redirectTo=${encodeURIComponent(finalRedirectTo)}` : ''\n const linkUrl = `${baseUrl}/link/${provider as string}${query}${query ? '&' : '?'}redirect=false`\n\n const token = getSessionToken()\n\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(linkUrl, fetchOptions)\n if (res.redirected) {\n window.location.href = res.url\n }\n else {\n try {\n const data = await res.json()\n if (data.url)\n window.location.href = data.url\n }\n catch (e) {\n console.error('Failed to parse response from link endpoint', e)\n }\n }\n }\n\n async function unlinkAccount(provider: ProviderIds<TAuth>) {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(`${baseUrl}/unlink/${provider as string}`, {\n method: 'POST',\n ...fetchOptions,\n })\n\n if (res.ok)\n await fetchSession()\n else\n console.error('Failed to unlink account', await res.json())\n }\n\n async function signOut() {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await fetchSession()\n }\n\n if (BROWSER) {\n const hash = new URL(window.location.href).hash.substring(1)\n const params = new URLSearchParams(hash)\n const tokenFromUrl = params.get('token')\n\n if (tokenFromUrl) {\n storeSessionToken(tokenFromUrl)\n void (async () => {\n try {\n // @ts-expect-error - SvelteKit-only\n const { replaceState } = await import('$app/navigation')\n await replaceState(window.location.pathname + window.location.search, {})\n }\n catch {\n window.history.replaceState(null, '', window.location.pathname + window.location.search)\n }\n await fetchSession()\n })()\n }\n else {\n fetchSession()\n }\n }\n\n $effect(() => {\n if (!BROWSER || !isTauri)\n return\n\n let cleanup: (() => void) | void\n let disposed = false\n\n setupTauriListener(async (url) => {\n handleTauriDeepLink(url, baseUrl, scheme, async (token) => {\n storeSessionToken(token)\n await fetchSession()\n })\n }).then((unlisten) => {\n if (disposed)\n unlisten?.()\n else\n cleanup = unlisten\n })\n\n return () => {\n disposed = true\n cleanup?.()\n }\n })\n\n const contextValue: AuthContextValue<TAuth> = {\n get session() {\n return session\n },\n signIn: signIn as (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>,\n linkAccount: linkAccount as (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>,\n unlinkAccount: unlinkAccount as (provider: ProviderIds<TAuth>) => Promise<void>,\n signOut,\n }\n\n setContext(AUTH_CONTEXT_KEY, contextValue)\n}\n\nexport function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth> {\n const context = getContext<AuthContextValue<TAuth>>(AUTH_CONTEXT_KEY)\n if (!context)\n throw new Error('useAuth must be used within an AuthProvider')\n\n return context\n}\n","import type { SerializeOptions } from 'cookie'\nimport { parse, serialize } from 'cookie'\n\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = {\n path: '/',\n sameSite: 'lax',\n secure: true,\n httpOnly: true,\n}\n\nexport type Cookie = [string, string, SerializeOptions]\n\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\n const cookies = new Map<string, string>()\n if (cookieHeader) {\n const parsed = parse(cookieHeader)\n for (const name in parsed)\n cookies.set(name, parsed[name]!)\n }\n return cookies\n}\n\nexport class Cookies {\n #new: Cookie[] = []\n\n constructor(\n private readonly requestCookies: Map<string, string>,\n private readonly defaultOptions: SerializeOptions,\n ) {}\n\n get(name: string): string | undefined {\n return this.requestCookies.get(name)\n }\n\n set(name: string, value: string, options?: SerializeOptions): void {\n const combinedOptions = { ...this.defaultOptions, ...options }\n this.#new.push([name, value, combinedOptions])\n }\n\n delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\n this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\n }\n\n toHeaders(): Headers {\n const headers = new Headers()\n for (const [name, value, options] of this.#new)\n headers.append('Set-Cookie', serialize(name, value, options))\n\n return headers\n }\n}\n\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\nexport const SESSION_STRATEGY_COOKIE_NAME = '__gau-session-strategy'\nexport const LINKING_TOKEN_COOKIE_NAME = '__gau-linking-token'\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\n\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\n","/// <reference types=\"node\" />\nimport {\n createJWTSignatureMessage,\n encodeJWT,\n JWSRegisteredHeaders,\n JWTRegisteredClaims,\n parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n /** Time-to-live in seconds (exp claim). If omitted the token will not expire. */\n ttl?: number\n}\n\nexport type SignOptions\n = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n if (algorithm === 'ES256') {\n if (!privateKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n ({ privateKey } = await deriveKeysFromSecret(secret))\n }\n }\n else if (algorithm === 'HS256' && !secret) {\n throw new AuthError('Missing secret for HS256 signing')\n }\n\n const now = Math.floor(Date.now() / 1000)\n\n const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n if (ttl != null && ttl > 0)\n jwtPayload.exp = now + ttl\n\n const isHS256 = algorithm === 'HS256'\n const alg: SupportedAlgorithm = isHS256 ? 'HS256' : 'ES256'\n\n const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n const payloadJSON = JSON.stringify(jwtPayload)\n\n const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n let signature: Uint8Array\n\n if (isHS256) {\n // HS256 (HMAC-SHA256)\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n }\n else {\n // ES256 (ECDSA-SHA256)\n // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n signature = new Uint8Array(\n await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey!,\n signatureMessage as BufferSource,\n ),\n )\n }\n\n return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n if (algorithm === 'ES256') {\n if (!publicKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 verification. Must be a base64url-encoded string.');\n\n ({ publicKey } = await deriveKeysFromSecret(secret))\n }\n }\n\n if (algorithm === 'HS256' && !secret)\n throw new AuthError('Missing secret for HS256 verification')\n\n const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n const headerParams = new JWSRegisteredHeaders(header)\n const headerAlg = headerParams.algorithm()\n\n let validSignature = false\n\n // HS256 verification path\n if (algorithm === 'HS256') {\n if (headerAlg !== 'HS256')\n throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n }\n // ES256 verification path (default)\n else {\n if (headerAlg !== 'ES256')\n throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n const signatureBytes = new Uint8Array(signature)\n\n // Runtimes like Node.js return DER-encoded signatures. Others (Bun) return raw (r||s).\n // We try DER first, as it's more common in Node environments.\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n signatureBytes as BufferSource,\n signatureMessage as BufferSource,\n )\n\n if (!validSignature && signatureBytes.length === 64) {\n // If DER verification fails and the signature is 64 bytes, it might be a raw signature.\n // Convert it to DER and try again.\n try {\n const derSig = rawToDer(signatureBytes)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n derSig as BufferSource,\n signatureMessage as BufferSource,\n )\n }\n catch {\n // rawToDer can throw if the signature is not 64 bytes, but we already checked.\n // This catch is for other unexpected errors.\n validSignature = false\n }\n }\n }\n\n if (!validSignature)\n throw new AuthError('Invalid JWT signature')\n\n const claims = new JWTRegisteredClaims(payload)\n if (claims.hasExpiration() && !claims.verifyExpiration())\n throw new AuthError('JWT expired')\n if (claims.hasNotBefore() && !claims.verifyNotBefore())\n throw new AuthError('JWT not yet valid')\n if (iss && (payload as any).iss !== iss)\n throw new AuthError('Invalid JWT issuer')\n\n if (aud) {\n const expectedAudience = Array.isArray(aud) ? aud : [aud]\n const tokenAudience = (payload as any).aud\n ? (Array.isArray((payload as any).aud) ? (payload as any).aud : [(payload as any).aud])\n : []\n\n if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n throw new AuthError('Invalid JWT audience')\n }\n\n return payload as T\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\n\nexport function createOAuthUris() {\n const state = generateState()\n const codeVerifier = generateCodeVerifier()\n\n return {\n state,\n codeVerifier,\n }\n}\n","export interface RequestLike {\n /** Absolute or relative URL */\n readonly url: string\n /** Upper-case HTTP method (e.g. `GET`) */\n readonly method: string\n /** All HTTP headers – mutable so adapters can append */\n readonly headers: Headers\n /** Lazily parse the body as JSON */\n json: <T = unknown>() => Promise<T>\n /** Raw text body */\n text: () => Promise<string>\n /** FormData helper (for `application/x-www-form-urlencoded` or `multipart/form-data`) */\n formData: () => Promise<FormData>\n}\n\nexport interface ResponseLike {\n readonly status: number\n readonly headers: Headers\n readonly body?: BodyInit | null\n json: <T = unknown>() => Promise<T>\n text: () => Promise<string>\n}\n\nexport interface User {\n id: string\n name?: string | null\n email?: string | null\n emailVerified?: boolean | null\n image?: string | null\n}\n\nexport interface Session {\n id: string\n sub: string\n [key: string]: unknown\n}\n\nexport interface GauSession<TProviders extends string = string> {\n user: User | null\n session: Session | null\n accounts?: Account[] | null\n providers?: TProviders[]\n}\n\nexport const NULL_SESSION = {\n user: null,\n session: null,\n accounts: null,\n} as const\n\nexport interface NewUser extends Omit<User, 'id' | 'accounts'> {\n id?: string\n}\n\nexport interface Account {\n userId: string\n provider: string\n providerAccountId: string\n type?: string // e.g. \"oauth\"\n accessToken?: string | null\n refreshToken?: string | null\n expiresAt?: number | null // epoch seconds\n idToken?: string | null\n scope?: string | null\n tokenType?: string | null\n sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n getUser: (id: string) => Promise<User | null>\n getUserByEmail: (email: string) => Promise<User | null>\n getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n getAccounts: (userId: string) => Promise<Account[]>\n getUserAndAccounts: (userId: string) => Promise<{ user: User, accounts: Account[] } | null>\n createUser: (data: NewUser) => Promise<User>\n linkAccount: (data: NewAccount) => Promise<void>\n unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>\n updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n deleteUser: (id: string) => Promise<void>\n}\n\nexport class AuthError extends Error {\n override readonly cause?: unknown\n constructor(message: string, cause?: unknown) {\n super(message)\n this.name = 'AuthError'\n this.cause = cause\n }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n const headers = new Headers(init.headers)\n if (!headers.has('Content-Type'))\n headers.set('Content-Type', 'application/json; charset=utf-8')\n return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n return new Response(null, {\n status,\n headers: {\n Location: url,\n },\n })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\n","import { BROWSER } from 'esm-env'\nimport { getSessionToken } from '../../client/token'\n\nexport const isTauri = BROWSER && '__TAURI_INTERNALS__' in (globalThis as any)\n\nexport async function signInWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform() // platform is NO LONGER an async function\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const authUrl = `${baseUrl}/${provider}?redirectTo=${encodeURIComponent(redirectTo)}`\n await open(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri)\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n return\n\n const params = new URLSearchParams(parsed.hash.substring(1))\n const token = params.get('token')\n if (token)\n onToken(token)\n}\n\nexport async function linkAccountWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform()\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const query = `?redirectTo=${encodeURIComponent(redirectTo)}&token=${encodeURIComponent(token)}`\n const linkUrl = `${baseUrl}/link/${provider}${query}`\n await open(linkUrl)\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n"],"mappings":";AACA,SAAS,WAAAA,gBAAe;AACxB,SAAS,YAAY,kBAAkB;;;ACDvC,SAAS,OAAO,iBAAiB;AA0D1B,IAAM,eAAe,KAAK;;;AC1DjC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACPP,SAAS,sBAAsB,qBAAqB;;;AC4C7C,IAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AACZ;;;AChDA,SAAS,WAAAC,gBAAe;;;ACAxB,SAAS,eAAe;AAEjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AACvC,aAAS,SAAS,uBAAuB,KAAK;AAAA,EAChD,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,WAAW;AACnC,aAAS,SAAS;AAAA,EACpB,QACM;AAAA,EAAC;AACT;;;ADvBO,IAAM,UAAUC,YAAW,yBAA0B;AAE5D,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,UAAU,GAAG,OAAO,IAAI,QAAQ,eAAe,mBAAmB,UAAU,CAAC;AACnF,QAAM,KAAK,OAAO;AACpB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEO,SAAS,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AAClH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,GAAG,MAAM,OAAO,OAAO,WAAW,IAAI,IAAI,OAAO,EAAE;AACzE;AAEF,QAAM,SAAS,IAAI,gBAAgB,OAAO,KAAK,UAAU,CAAC,CAAC;AAC3D,QAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,MAAI;AACF,YAAQ,KAAK;AACjB;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,QAAQ,eAAe,mBAAmB,UAAU,CAAC,UAAU,mBAAmB,KAAK,CAAC;AAC9F,QAAM,UAAU,GAAG,OAAO,SAAS,QAAQ,GAAG,KAAK;AACnD,QAAM,KAAK,OAAO;AACpB;;;AL5EA,IAAM,mBAAmB,OAAO,UAAU;AAEnC,SAAS,iBAAwC;AAAA,EACtD,UAAU;AAAA,EACV,SAAS;AAAA,EACT,YAAY;AACd,IAII,CAAC,GAAG;AAEN,MAAI,UAAU,OAAuB,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE,CAAC;AAEvE,iBAAe,eAAe;AAC5B,QAAI,CAACC,UAAS;AACZ,gBAAU,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE;AAC3C;AAAA,IACF;AAEA,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAE9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB,GAAG;AAC7C,gBAAU,MAAM,IAAI,KAAK;AAAA,IAC3B,OACK;AACH,gBAAU;AAAA,QACR,GAAG;AAAA,QACH,WAAW,CAAC;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAO,UAA8B,EAAE,WAAW,IAA6B,CAAC,GAAG;AAChG,QAAI,kBAAkB,cAAc;AACpC,QAAI,SAAS;AACX,YAAM,gBAAgB,UAAoB,SAAS,QAAQ,eAAe;AAAA,IAC5E,OACK;AACH,UAAI,CAAC,mBAAmBA;AACtB,0BAAkB,OAAO,SAAS;AAEpC,YAAM,QAAQ,kBAAkB,eAAe,mBAAmB,eAAe,CAAC,KAAK;AACvF,aAAO,SAAS,OAAO,GAAG,OAAO,IAAI,QAAkB,GAAG,KAAK;AAAA,IACjE;AAAA,EACF;AAEA,iBAAe,YAAY,UAA8B,EAAE,WAAW,IAA6B,CAAC,GAAG;AACrG,QAAI,SAAS;AACX,YAAM,qBAAqB,UAAoB,SAAS,QAAQ,UAAU;AAC1E;AAAA,IACF;AAEA,QAAI,kBAAkB,cAAc;AACpC,QAAI,CAAC,mBAAmBA;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,QAAQ,kBAAkB,eAAe,mBAAmB,eAAe,CAAC,KAAK;AACvF,UAAM,UAAU,GAAG,OAAO,SAAS,QAAkB,GAAG,KAAK,GAAG,QAAQ,MAAM,GAAG;AAEjF,UAAM,QAAQ,gBAAgB;AAE9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,SAAS,YAAY;AAC7C,QAAI,IAAI,YAAY;AAClB,aAAO,SAAS,OAAO,IAAI;AAAA,IAC7B,OACK;AACH,UAAI;AACF,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,iBAAO,SAAS,OAAO,KAAK;AAAA,MAChC,SACO,GAAG;AACR,gBAAQ,MAAM,+CAA+C,CAAC;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,cAAc,UAA8B;AACzD,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAkB,IAAI;AAAA,MACjE,QAAQ;AAAA,MACR,GAAG;AAAA,IACL,CAAC;AAED,QAAI,IAAI;AACN,YAAM,aAAa;AAAA;AAEnB,cAAQ,MAAM,4BAA4B,MAAM,IAAI,KAAK,CAAC;AAAA,EAC9D;AAEA,iBAAe,UAAU;AACvB,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,aAAa;AAAA,EACrB;AAEA,MAAIA,UAAS;AACX,UAAM,OAAO,IAAI,IAAI,OAAO,SAAS,IAAI,EAAE,KAAK,UAAU,CAAC;AAC3D,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,eAAe,OAAO,IAAI,OAAO;AAEvC,QAAI,cAAc;AAChB,wBAAkB,YAAY;AAC9B,YAAM,YAAY;AAChB,YAAI;AAEF,gBAAM,EAAE,aAAa,IAAI,MAAM,OAAO,iBAAiB;AACvD,gBAAM,aAAa,OAAO,SAAS,WAAW,OAAO,SAAS,QAAQ,CAAC,CAAC;AAAA,QAC1E,QACM;AACJ,iBAAO,QAAQ,aAAa,MAAM,IAAI,OAAO,SAAS,WAAW,OAAO,SAAS,MAAM;AAAA,QACzF;AACA,cAAM,aAAa;AAAA,MACrB,GAAG;AAAA,IACL,OACK;AACH,mBAAa;AAAA,IACf;AAAA,EACF;AAEA,UAAQ,MAAM;AACZ,QAAI,CAACA,YAAW,CAAC;AACf;AAEF,QAAI;AACJ,QAAI,WAAW;AAEf,uBAAmB,OAAO,QAAQ;AAChC,0BAAoB,KAAK,SAAS,QAAQ,OAAO,UAAU;AACzD,0BAAkB,KAAK;AACvB,cAAM,aAAa;AAAA,MACrB,CAAC;AAAA,IACH,CAAC,EAAE,KAAK,CAAC,aAAa;AACpB,UAAI;AACF,mBAAW;AAAA;AAEX,kBAAU;AAAA,IACd,CAAC;AAED,WAAO,MAAM;AACX,iBAAW;AACX,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,eAAwC;AAAA,IAC5C,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,kBAAkB,YAAY;AAC3C;AAEO,SAAS,UAA0D;AACxE,QAAM,UAAU,WAAoC,gBAAgB;AACpE,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,6CAA6C;AAE/D,SAAO;AACT;","names":["BROWSER","BROWSER","BROWSER","BROWSER"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../chunk-
|
|
1
|
+
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../chunk-OCVUPYHU.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri};//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/runtimes/tauri/index.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/runtimes/tauri/index.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,SAA0D,CAAA;AAE9E,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,MAAc,EACtB,gBAAgB,CAAC,EAAE,MAAM,iBAoB1B;AAED,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACtC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC,CAc9B;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,QASjH;AAED,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,MAAc,EACtB,gBAAgB,CAAC,EAAE,MAAM,iBA2B1B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../../chunk-
|
|
1
|
+
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../../chunk-OCVUPYHU.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri};//# sourceMappingURL=index.js.map
|
package/package.json
CHANGED
package/dist/chunk-LEYZAXTW.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
import{BROWSER as n}from"esm-env";import{BROWSER as o}from"esm-env";var t=n&&"__TAURI_INTERNALS__"in window;async function a(n,o,a="gau",i){if(!t)return;const{platform:e}=await import("@tauri-apps/plugin-os"),{open:r}=await import("@tauri-apps/plugin-shell"),s=e();let c;c=i||("android"===s||"ios"===s?new URL(o).origin:`${a}://oauth/callback`);const p=`${o}/${n}?redirectTo=${encodeURIComponent(c)}`;await r(p)}async function i(n){if(!t)return;const{listen:o}=await import("@tauri-apps/api/event");try{return await o("deep-link",async o=>{await n(o.payload)})}catch(n){console.error(n)}}function e(n,o,t,a){const i=new URL(n);if(i.protocol!==`${t}:`&&i.origin!==new URL(o).origin)return;const e=new URLSearchParams(i.hash.substring(1)).get("token");e&&a(e)}async function r(n,a,i="gau",e){if(!t)return;const{platform:r}=await import("@tauri-apps/plugin-os"),{open:s}=await import("@tauri-apps/plugin-shell"),c=r();let p;p=e||("android"===c||"ios"===c?new URL(a).origin:`${i}://oauth/callback`);const l=o?localStorage.getItem("gau-token"):null;if(!l)return void console.error("No session token found, cannot link account.");const u=`${a}/link/${n}${`?redirectTo=${encodeURIComponent(p)}&token=${encodeURIComponent(l)}`}`;await s(u)}export{t as isTauri,a as signInWithTauri,i as setupTauriListener,e as handleTauriDeepLink,r as linkAccountWithTauri};//# sourceMappingURL=chunk-LEYZAXTW.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/runtimes/tauri/index.ts","../src/client/token.ts"],"sourcesContent":["import { BROWSER } from 'esm-env'\nimport { getSessionToken } from '../../client/token'\n\nexport const isTauri = BROWSER && '__TAURI_INTERNALS__' in window\n\nexport async function signInWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform() // platform is NO LONGER an async function\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const authUrl = `${baseUrl}/${provider}?redirectTo=${encodeURIComponent(redirectTo)}`\n await open(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri)\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n return\n\n const params = new URLSearchParams(parsed.hash.substring(1))\n const token = params.get('token')\n if (token)\n onToken(token)\n}\n\nexport async function linkAccountWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n) {\n if (!isTauri)\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform()\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const query = `?redirectTo=${encodeURIComponent(redirectTo)}&token=${encodeURIComponent(token)}`\n const linkUrl = `${baseUrl}/link/${provider}${query}`\n await open(linkUrl)\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n"],"mappings":";AAAA,SAAS,WAAAA,gBAAe;;;ACAxB,SAAS,eAAe;AAYjB,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;;;ADbO,IAAM,UAAUC,YAAW,yBAAyB;AAE3D,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,UAAU,GAAG,OAAO,IAAI,QAAQ,eAAe,mBAAmB,UAAU,CAAC;AACnF,QAAM,KAAK,OAAO;AACpB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEO,SAAS,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AAClH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,GAAG,MAAM,OAAO,OAAO,WAAW,IAAI,IAAI,OAAO,EAAE;AACzE;AAEF,QAAM,SAAS,IAAI,gBAAgB,OAAO,KAAK,UAAU,CAAC,CAAC;AAC3D,QAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,MAAI;AACF,YAAQ,KAAK;AACjB;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,QAAQ,eAAe,mBAAmB,UAAU,CAAC,UAAU,mBAAmB,KAAK,CAAC;AAC9F,QAAM,UAAU,GAAG,OAAO,SAAS,QAAQ,GAAG,KAAK;AACnD,QAAM,KAAK,OAAO;AACpB;","names":["BROWSER","BROWSER"]}
|