@rttnd/gau 0.3.7 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-GV4FQQFM.js +1 -0
- package/dist/chunk-GV4FQQFM.js.map +1 -0
- package/dist/chunk-SKDOAOYX.js +1 -0
- package/dist/chunk-SKDOAOYX.js.map +1 -0
- package/dist/chunk-SLSEX3Y5.js +1 -0
- package/dist/chunk-SLSEX3Y5.js.map +1 -0
- package/dist/src/adapters/drizzle/index.js +1 -1
- package/dist/src/adapters/drizzle/sqlite.d.ts +1 -0
- package/dist/src/adapters/drizzle/sqlite.d.ts.map +1 -1
- package/dist/src/adapters/index.js +1 -1
- package/dist/src/adapters/memory/index.d.ts.map +1 -1
- package/dist/src/adapters/memory/index.js +1 -1
- package/dist/src/client/svelte/index.svelte.js.map +1 -1
- package/dist/src/core/createAuth.d.ts +40 -1
- package/dist/src/core/createAuth.d.ts.map +1 -1
- package/dist/src/core/handler.d.ts +1 -2
- package/dist/src/core/handler.d.ts.map +1 -1
- package/dist/src/core/handlers/callback.d.ts +1 -2
- package/dist/src/core/handlers/callback.d.ts.map +1 -1
- package/dist/src/core/handlers/cors.d.ts +2 -3
- package/dist/src/core/handlers/cors.d.ts.map +1 -1
- package/dist/src/core/handlers/index.js +1 -1
- package/dist/src/core/handlers/link.d.ts +2 -3
- package/dist/src/core/handlers/link.d.ts.map +1 -1
- package/dist/src/core/handlers/login.d.ts +2 -3
- package/dist/src/core/handlers/login.d.ts.map +1 -1
- package/dist/src/core/handlers/session.d.ts +1 -2
- package/dist/src/core/handlers/session.d.ts.map +1 -1
- package/dist/src/core/handlers/utils.d.ts +2 -3
- package/dist/src/core/handlers/utils.d.ts.map +1 -1
- package/dist/src/core/index.d.ts +6 -21
- package/dist/src/core/index.d.ts.map +1 -1
- package/dist/src/core/index.js +1 -1
- package/dist/src/index.js +1 -1
- package/dist/src/jwt/index.js +1 -1
- package/dist/src/oauth/index.d.ts +12 -0
- package/dist/src/oauth/index.d.ts.map +1 -1
- package/dist/src/oauth/index.js +1 -1
- package/dist/src/oauth/index.js.map +1 -1
- package/dist/src/oauth/providers/google.d.ts.map +1 -1
- package/dist/src/oauth/providers/microsoft.d.ts.map +1 -1
- package/dist/src/solidstart/index.d.ts +3 -3
- package/dist/src/solidstart/index.js +1 -1
- package/dist/src/sveltekit/index.d.ts +3 -3
- package/dist/src/sveltekit/index.js +1 -1
- package/package.json +7 -7
- package/dist/chunk-BU67DYGK.js +0 -1
- package/dist/chunk-BU67DYGK.js.map +0 -1
- package/dist/chunk-UTAPXIXP.js +0 -1
- package/dist/chunk-UTAPXIXP.js.map +0 -1
- package/dist/chunk-X6HBHPJD.js +0 -1
- package/dist/chunk-X6HBHPJD.js.map +0 -1
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
|
|
2
|
-
export declare function
|
|
3
|
-
export declare function handlePreflight(request: RequestLike): Response;
|
|
1
|
+
export declare function applyCors(request: Request, response: Response): Response;
|
|
2
|
+
export declare function handlePreflight(request: Request): Response;
|
|
4
3
|
//# sourceMappingURL=cors.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/cors.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/cors.ts"],"names":[],"mappings":"AAAA,wBAAgB,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAUxE;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,CAW1D"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as
|
|
1
|
+
import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as S,handleSignOut as c,handleUnlink as e,verifyRequestOrigin as f}from"../../../chunk-SLSEX3Y5.js";export{o as applyCors,r as handleCallback,m as handleLink,p as handlePreflight,t as handleSession,S as handleSignIn,c as handleSignOut,e as handleUnlink,f as verifyRequestOrigin};//# sourceMappingURL=index.js.map
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import type { Auth } from '../createAuth';
|
|
2
|
-
|
|
3
|
-
export declare function
|
|
4
|
-
export declare function handleUnlink(request: RequestLike, auth: Auth, providerId: string): Promise<ResponseLike>;
|
|
2
|
+
export declare function handleLink(request: Request, auth: Auth, providerId: string): Promise<Response>;
|
|
3
|
+
export declare function handleUnlink(request: Request, auth: Auth, providerId: string): Promise<Response>;
|
|
5
4
|
//# sourceMappingURL=link.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"link.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/link.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"link.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/link.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAKzC,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAyBpG;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CA8CtG"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import type { Auth } from '../createAuth';
|
|
2
|
-
|
|
3
|
-
export declare function
|
|
4
|
-
export declare function handleSignOut(request: RequestLike, auth: Auth): Promise<ResponseLike>;
|
|
2
|
+
export declare function handleSignIn(request: Request, auth: Auth, providerId: string): Promise<Response>;
|
|
3
|
+
export declare function handleSignOut(request: Request, auth: Auth): Promise<Response>;
|
|
5
4
|
//# sourceMappingURL=login.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAMzC,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAEtG;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CAcnF"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
1
|
import type { Auth } from '../createAuth';
|
|
2
|
-
|
|
3
|
-
export declare function handleSession(request: RequestLike, auth: Auth): Promise<ResponseLike>;
|
|
2
|
+
export declare function handleSession(request: Request, auth: Auth): Promise<Response>;
|
|
4
3
|
//# sourceMappingURL=session.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAIzC,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CA4BnF"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import type { Auth } from '../createAuth';
|
|
2
|
-
|
|
3
|
-
export declare function
|
|
4
|
-
export declare function prepareOAuthRedirect(request: RequestLike, auth: Auth, providerId: string, linkingToken: string | null): Promise<ResponseLike>;
|
|
2
|
+
export declare function verifyRequestOrigin(request: Request, trustHosts: 'all' | string[], development: boolean): boolean;
|
|
3
|
+
export declare function prepareOAuthRedirect(request: Request, auth: Auth, providerId: string, linkingToken: string | null): Promise<Response>;
|
|
5
4
|
//# sourceMappingURL=utils.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAazC,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,GAAG,OAAO,CA+BjH;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,GAAG,IAAI,GAC1B,OAAO,CAAC,QAAQ,CAAC,CAmFnB"}
|
package/dist/src/core/index.d.ts
CHANGED
|
@@ -1,30 +1,10 @@
|
|
|
1
|
-
export interface RequestLike {
|
|
2
|
-
/** Absolute or relative URL */
|
|
3
|
-
readonly url: string;
|
|
4
|
-
/** Upper-case HTTP method (e.g. `GET`) */
|
|
5
|
-
readonly method: string;
|
|
6
|
-
/** All HTTP headers – mutable so adapters can append */
|
|
7
|
-
readonly headers: Headers;
|
|
8
|
-
/** Lazily parse the body as JSON */
|
|
9
|
-
json: <T = unknown>() => Promise<T>;
|
|
10
|
-
/** Raw text body */
|
|
11
|
-
text: () => Promise<string>;
|
|
12
|
-
/** FormData helper (for `application/x-www-form-urlencoded` or `multipart/form-data`) */
|
|
13
|
-
formData: () => Promise<FormData>;
|
|
14
|
-
}
|
|
15
|
-
export interface ResponseLike {
|
|
16
|
-
readonly status: number;
|
|
17
|
-
readonly headers: Headers;
|
|
18
|
-
readonly body?: BodyInit | null;
|
|
19
|
-
json: <T = unknown>() => Promise<T>;
|
|
20
|
-
text: () => Promise<string>;
|
|
21
|
-
}
|
|
22
1
|
export interface User {
|
|
23
2
|
id: string;
|
|
24
3
|
name?: string | null;
|
|
25
4
|
email?: string | null;
|
|
26
5
|
emailVerified?: boolean | null;
|
|
27
6
|
image?: string | null;
|
|
7
|
+
role?: string | null;
|
|
28
8
|
}
|
|
29
9
|
export interface Session {
|
|
30
10
|
id: string;
|
|
@@ -72,6 +52,11 @@ export interface Adapter {
|
|
|
72
52
|
createUser: (data: NewUser) => Promise<User>;
|
|
73
53
|
linkAccount: (data: NewAccount) => Promise<void>;
|
|
74
54
|
unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>;
|
|
55
|
+
updateAccount?: (data: Partial<Account> & {
|
|
56
|
+
userId: string;
|
|
57
|
+
provider: string;
|
|
58
|
+
providerAccountId: string;
|
|
59
|
+
}) => Promise<void>;
|
|
75
60
|
updateUser: (data: Partial<User> & {
|
|
76
61
|
id: string;
|
|
77
62
|
}) => Promise<User>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAC3B,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED,eAAO,MAAM,YAAY;;;;CAIf,CAAA;AAEV,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,CAAC;IAC5D,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA,CAAC,eAAe;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA,CAAC,gBAAgB;IAC1C,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC3F,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3H,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,UAAU,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1C;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,WAAW,CAAA"}
|
package/dist/src/core/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as
|
|
1
|
+
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as S,LINKING_TOKEN_COOKIE_NAME as c,NULL_SESSION as e,PKCE_COOKIE_NAME as f,SESSION_COOKIE_NAME as h,SESSION_STRATEGY_COOKIE_NAME as i,createAuth as j,createHandler as k,json as n,parseCookies as s,redirect as u}from"../../chunk-SLSEX3Y5.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,S as DEFAULT_COOKIE_SERIALIZE_OPTIONS,c as LINKING_TOKEN_COOKIE_NAME,e as NULL_SESSION,f as PKCE_COOKIE_NAME,h as SESSION_COOKIE_NAME,i as SESSION_STRATEGY_COOKIE_NAME,j as createAuth,k as createHandler,n as json,s as parseCookies,u as redirect};//# sourceMappingURL=index.js.map
|
package/dist/src/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as
|
|
1
|
+
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as S,LINKING_TOKEN_COOKIE_NAME as c,NULL_SESSION as e,PKCE_COOKIE_NAME as f,SESSION_COOKIE_NAME as h,SESSION_STRATEGY_COOKIE_NAME as i,createAuth as j,createHandler as k,json as n,parseCookies as s,redirect as u}from"../chunk-SLSEX3Y5.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,S as DEFAULT_COOKIE_SERIALIZE_OPTIONS,c as LINKING_TOKEN_COOKIE_NAME,e as NULL_SESSION,f as PKCE_COOKIE_NAME,h as SESSION_COOKIE_NAME,i as SESSION_STRATEGY_COOKIE_NAME,j as createAuth,k as createHandler,n as json,s as parseCookies,u as redirect};//# sourceMappingURL=index.js.map
|
package/dist/src/jwt/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{sign as o,verify as r}from"../../chunk-
|
|
1
|
+
import{sign as o,verify as r}from"../../chunk-SLSEX3Y5.js";export{o as sign,r as verify};//# sourceMappingURL=index.js.map
|
|
@@ -8,6 +8,14 @@ export interface OAuthProviderConfig {
|
|
|
8
8
|
redirectUri?: string;
|
|
9
9
|
scope?: string[];
|
|
10
10
|
}
|
|
11
|
+
export interface RefreshedTokens {
|
|
12
|
+
accessToken: string;
|
|
13
|
+
refreshToken?: string | null;
|
|
14
|
+
expiresAt?: number | null;
|
|
15
|
+
idToken?: string | null;
|
|
16
|
+
tokenType?: string | null;
|
|
17
|
+
scope?: string | null;
|
|
18
|
+
}
|
|
11
19
|
export interface AuthUser {
|
|
12
20
|
id: string;
|
|
13
21
|
name: string;
|
|
@@ -27,5 +35,9 @@ export interface OAuthProvider<T extends string = string> {
|
|
|
27
35
|
tokens: OAuth2Tokens;
|
|
28
36
|
user: AuthUser;
|
|
29
37
|
}>;
|
|
38
|
+
refreshAccessToken?: (refreshToken: string, options?: {
|
|
39
|
+
redirectUri?: string;
|
|
40
|
+
scopes?: string[];
|
|
41
|
+
}) => Promise<RefreshedTokens>;
|
|
30
42
|
}
|
|
31
43
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AAEjD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC7B;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM;IACtD,EAAE,EAAE,CAAC,CAAA;IACL,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACjI,gBAAgB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,YAAY,CAAC;QAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AAEjD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC7B;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM;IACtD,EAAE,EAAE,CAAC,CAAA;IACL,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACjI,gBAAgB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,YAAY,CAAC;QAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;IACjI,kBAAkB,CAAC,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,KAAK,OAAO,CAAC,eAAe,CAAC,CAAA;CAC/H"}
|
package/dist/src/oauth/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{CodeChallengeMethod as e,OAuth2Client as t}from"arctic";var i="https://api.github.com";function
|
|
1
|
+
import{CodeChallengeMethod as e,OAuth2Client as t}from"arctic";var i="https://api.github.com";function r(r){const a=new t(r.clientId,r.clientSecret,r.redirectUri??null);function n(e){return!e||r.redirectUri&&e===r.redirectUri?a:new t(r.clientId,r.clientSecret,e)}return{id:"github",async getAuthorizationUrl(t,i,a){const o=n(a?.redirectUri),c=a?.scopes??r.scope??["user:email"];return await o.createAuthorizationURLWithPKCE("https://github.com/login/oauth/authorize",t,e.S256,i,c)},async validateCallback(e,t,r){const a=n(r),o=await a.validateAuthorizationCode("https://github.com/login/oauth/access_token",e,t),c=await async function(e){const t=await fetch(`${i}/user`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}}),r=await t.json();let a=r.email,n=!1;const o=await fetch(`${i}/user/emails`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(o.ok){const e=await o.json(),t=e.find(e=>e.primary&&e.verified);if(t)a=t.email,n=!0;else{const t=e.find(e=>e.verified);t&&(a=t.email,n=!0)}}return{id:r.id.toString(),name:r.name??r.login,email:a,emailVerified:n,avatar:r.avatar_url,raw:r}}(o.accessToken());return{tokens:o,user:c}}}}import{CodeChallengeMethod as a,OAuth2Client as n}from"arctic";var o="https://oauth2.googleapis.com/token";function c(e){const t=new n(e.clientId,e.clientSecret,e.redirectUri??null);function i(i){return i&&i!==e.redirectUri?new n(e.clientId,e.clientSecret,i):t}return{id:"google",requiresRedirectUri:!0,async getAuthorizationUrl(t,r,n){const o=i(n?.redirectUri),c=n?.scopes??e.scope??["openid","email","profile"];return await o.createAuthorizationURLWithPKCE("https://accounts.google.com/o/oauth2/v2/auth",t,a.S256,r,c)},async validateCallback(e,t,r){const a=i(r),n=await a.validateAuthorizationCode(o,e,t),c=await async function(e){const t=await fetch("https://openidconnect.googleapis.com/v1/userinfo",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),i=await t.json();return{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified,avatar:i.picture,raw:i}}(n.accessToken());return{tokens:n,user:c}},async refreshAccessToken(t){const i=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:t}),r=await fetch(o,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i}),a=await r.json();if(!r.ok)throw a;const n=a.expires_in,c="number"==typeof n?Math.floor(Date.now()/1e3)+Math.floor(n):void 0;return{accessToken:a.access_token,refreshToken:a.refresh_token??t,expiresAt:c??null,idToken:a.id_token??null,tokenType:a.token_type??null,scope:a.scope??null}}}}import{CodeChallengeMethod as s,OAuth2Client as l}from"arctic";async function d(e,t){const i=await fetch("https://graph.microsoft.com/v1.0/me",{headers:{Authorization:`Bearer ${e}`}}),r=await i.json();let a=r.mail??r.userPrincipalName,n=!1;if(t)try{const e=t.split("."),i=JSON.parse((new TextDecoder).decode(function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),i=(4-t.length%4)%4,r=t.padEnd(t.length+i,"="),a=atob(r),n=a.length,o=new Uint8Array(n);for(let e=0;e<n;e++)o[e]=a.charCodeAt(e);return o}(e[1]))),r="9188040d-6c67-4c5b-b112-36a304b66dad";if(i.verified_primary_email){const e=Array.isArray(i.verified_primary_email)?i.verified_primary_email[0]:i.verified_primary_email;"string"==typeof e&&(a=e,n=!0)}else(i.tid===r||!0===i.xms_edov)&&(a=i.email??a,n=!0)}catch{}const o=await fetch("https://graph.microsoft.com/v1.0/me/photo/$value",{headers:{Authorization:`Bearer ${e}`}});let c=null;if(o.ok)try{const e=await o.blob(),t=new FileReader,i=new Promise((i,r)=>{t.onloadend=()=>i(t.result),t.onerror=r,t.readAsDataURL(e)});c=await i}catch{}return{id:r.id,name:r.displayName,email:a,emailVerified:n,avatar:c,raw:r}}function u(e){const t=e.tenant??"common",i=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`,a=new l(e.clientId,e.clientSecret,e.redirectUri??null);function n(t){return t&&t!==e.redirectUri?new l(e.clientId,e.clientSecret,t):a}return{id:"microsoft",requiresRedirectUri:!0,async getAuthorizationUrl(t,r,a){const o=n(a?.redirectUri),c=a?.scopes??e.scope??["openid","profile","email","User.Read"];return await o.createAuthorizationURLWithPKCE(i,t,s.S256,r,c)},async validateCallback(e,t,i){const a=n(i),o=await a.validateAuthorizationCode(r,e,t),c=await d(o.accessToken(),o.idToken());return{tokens:o,user:c}},async refreshAccessToken(t){const i=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:t,scope:(e.scope??["openid","profile","email","User.Read"]).join(" ")}),a=await fetch(r,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i}),n=await a.json();if(!a.ok)throw n;const o=n.expires_in,c="number"==typeof o?Math.floor(Date.now()/1e3)+Math.floor(o):void 0;return{accessToken:n.access_token,refreshToken:n.refresh_token??t,expiresAt:c??null,idToken:n.id_token??null,tokenType:n.token_type??null,scope:n.scope??null}}}}export{r as GitHub,c as Google,u as Microsoft};//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/oauth/providers/github.ts","../../../src/oauth/providers/google.ts","../../../src/oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || (config.redirectUri && redirectUri === config.redirectUri))\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\n\ninterface GoogleUser {\n sub: string\n name: string\n email: string | null\n email_verified: boolean\n picture: string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(GOOGLE_USERINFO_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: GoogleUser = await response.json()\n\n return {\n id: data.sub,\n name: data.name,\n email: data.email,\n emailVerified: data.email_verified,\n avatar: data.picture,\n raw: data,\n }\n}\n\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'google',\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\ninterface MicrosoftConfig extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | string\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft'> {\n const tenant = config.tenant ?? 'common'\n\n const authURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`\n const tokenURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`\n\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft',\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n }\n}\n"],"mappings":";AACA,SAAS,qBAAqB,oBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAkBvB,eAAe,QAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,SAAS;AAAA,IACrD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,MAAI,QAAuB,KAAK;AAChC,MAAI,gBAAgB;AAEpB,QAAM,iBAAiB,MAAM,MAAM,GAAG,cAAc,gBAAgB;AAAA,IAClE,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,MAAI,eAAe,IAAI;AACrB,UAAM,SAAwB,MAAM,eAAe,KAAK;AACxD,UAAM,eAAe,OAAO,KAAK,OAAK,EAAE,WAAW,EAAE,QAAQ;AAC7D,QAAI,cAAc;AAChB,cAAQ,aAAa;AACrB,sBAAgB;AAAA,IAClB,OACK;AAEH,YAAM,gBAAgB,OAAO,KAAK,OAAK,EAAE,QAAQ;AACjD,UAAI,eAAe;AACjB,gBAAQ,cAAc;AACtB,wBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAgB,OAAO,eAAe,gBAAgB,OAAO;AAChE,aAAO;AAET,WAAO,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IAEJ,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,YAAY;AAC/D,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAO,oBAAoB,MAAM,cAAc,MAAM;AAC9H,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAM,QAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;ACjGA,SAAS,uBAAAA,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,sBAAsB;AAW5B,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,qBAAqB;AAAA,IAChD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,SAAS,SAAS;AAC/E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;AC9DA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAGlD,IAAM,0BAA0B;AAGhC,IAAM,2BAA2B;AAcjC,SAAS,iBAAiB,KAAyB;AACjD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,aAAa,IAAK,OAAO,SAAS,KAAM;AAC9C,QAAM,SAAS,OAAO,OAAO,OAAO,SAAS,WAAW,GAAG;AAC3D,QAAM,gBAAgB,KAAK,MAAM;AACjC,QAAM,MAAM,cAAc;AAC1B,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,WAAS,IAAI,GAAG,IAAI,KAAK;AACvB,UAAM,CAAC,IAAI,cAAc,WAAW,CAAC;AAEvC,SAAO;AACT;AAEA,eAAeC,SAAQ,aAAqB,SAA2C;AACrF,QAAM,eAAe,MAAM,MAAM,yBAAyB;AAAA,IACxD,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,WAA0B,MAAM,aAAa,KAAK;AAExD,MAAI,QAAuB,SAAS,QAAQ,SAAS;AACrD,MAAI,gBAAgB;AACpB,MAAI,SAAS;AACX,QAAI;AACF,YAAM,QAAQ,QAAQ,MAAM,GAAG;AAC/B,YAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,iBAAiB,MAAM,CAAC,CAAE,CAAC,CAAC;AAChF,YAAM,mBAAmB;AAGzB,UAAI,QAAQ,wBAAwB;AAClC,cAAM,eAAe,MAAM,QAAQ,QAAQ,sBAAsB,IAC7D,QAAQ,uBAAuB,CAAC,IAChC,QAAQ;AAEZ,YAAI,OAAO,iBAAiB,UAAU;AACpC,kBAAQ;AACR,0BAAgB;AAAA,QAClB;AAAA,MACF,WAES,QAAQ,QAAQ,kBAAkB;AACzC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB,WAES,QAAQ,aAAa,MAAM;AAClC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB;AAAA,IACF,QACM;AAAA,IACN;AAAA,EACF;AAEA,QAAM,gBAAgB,MAAM,MAAM,0BAA0B;AAAA,IAC1D,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,SAAwB;AAC5B,MAAI,cAAc,IAAI;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAM,SAAS,IAAI,WAAW;AAC9B,YAAM,iBAAiB,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9D,eAAO,YAAY,MAAM,QAAQ,OAAO,MAAgB;AACxD,eAAO,UAAU;AACjB,eAAO,cAAc,IAAI;AAAA,MAC3B,CAAC;AACD,eAAS,MAAM;AAAA,IACjB,QACM;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb,MAAM,SAAS;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,UAAU,QAAqD;AAC7E,QAAM,SAAS,OAAO,UAAU;AAEhC,QAAM,UAAU,qCAAqC,MAAM;AAC3D,QAAM,WAAW,qCAAqC,MAAM;AAE5D,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW;AAC5F,YAAM,MAAM,MAAM,OAAO,+BAA+B,SAAS,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AACtH,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,UAAU,MAAM,YAAY;AAClF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,GAAG,OAAO,QAAQ,CAAC;AACjE,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;","names":["CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/oauth/providers/github.ts","../../../src/oauth/providers/google.ts","../../../src/oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || (config.redirectUri && redirectUri === config.redirectUri))\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\n\ninterface GoogleUser {\n sub: string\n name: string\n email: string | null\n email_verified: boolean\n picture: string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(GOOGLE_USERINFO_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: GoogleUser = await response.json()\n\n return {\n id: data.sub,\n name: data.name,\n email: data.email,\n emailVerified: data.email_verified,\n avatar: data.picture,\n raw: data,\n }\n}\n\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'google',\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(GOOGLE_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\ninterface MicrosoftConfig extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | string\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft'> {\n const tenant = config.tenant ?? 'common'\n\n const authURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`\n const tokenURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`\n\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft',\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n scope: (config.scope ?? ['openid', 'profile', 'email', 'User.Read']).join(' '),\n })\n const res = await fetch(tokenURL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n"],"mappings":";AACA,SAAS,qBAAqB,oBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAkBvB,eAAe,QAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,SAAS;AAAA,IACrD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,MAAI,QAAuB,KAAK;AAChC,MAAI,gBAAgB;AAEpB,QAAM,iBAAiB,MAAM,MAAM,GAAG,cAAc,gBAAgB;AAAA,IAClE,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,MAAI,eAAe,IAAI;AACrB,UAAM,SAAwB,MAAM,eAAe,KAAK;AACxD,UAAM,eAAe,OAAO,KAAK,OAAK,EAAE,WAAW,EAAE,QAAQ;AAC7D,QAAI,cAAc;AAChB,cAAQ,aAAa;AACrB,sBAAgB;AAAA,IAClB,OACK;AAEH,YAAM,gBAAgB,OAAO,KAAK,OAAK,EAAE,QAAQ;AACjD,UAAI,eAAe;AACjB,gBAAQ,cAAc;AACtB,wBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAgB,OAAO,eAAe,gBAAgB,OAAO;AAChE,aAAO;AAET,WAAO,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IAEJ,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,YAAY;AAC/D,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAO,oBAAoB,MAAM,cAAc,MAAM;AAC9H,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAM,QAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;ACjGA,SAAS,uBAAAA,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,sBAAsB;AAW5B,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,qBAAqB;AAAA,IAChD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,SAAS,SAAS;AAC/E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,kBAAkB;AAAA,QACxC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;AC7FA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAGlD,IAAM,0BAA0B;AAGhC,IAAM,2BAA2B;AAcjC,SAAS,iBAAiB,KAAyB;AACjD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,aAAa,IAAK,OAAO,SAAS,KAAM;AAC9C,QAAM,SAAS,OAAO,OAAO,OAAO,SAAS,WAAW,GAAG;AAC3D,QAAM,gBAAgB,KAAK,MAAM;AACjC,QAAM,MAAM,cAAc;AAC1B,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,WAAS,IAAI,GAAG,IAAI,KAAK;AACvB,UAAM,CAAC,IAAI,cAAc,WAAW,CAAC;AAEvC,SAAO;AACT;AAEA,eAAeC,SAAQ,aAAqB,SAA2C;AACrF,QAAM,eAAe,MAAM,MAAM,yBAAyB;AAAA,IACxD,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,WAA0B,MAAM,aAAa,KAAK;AAExD,MAAI,QAAuB,SAAS,QAAQ,SAAS;AACrD,MAAI,gBAAgB;AACpB,MAAI,SAAS;AACX,QAAI;AACF,YAAM,QAAQ,QAAQ,MAAM,GAAG;AAC/B,YAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,iBAAiB,MAAM,CAAC,CAAE,CAAC,CAAC;AAChF,YAAM,mBAAmB;AAGzB,UAAI,QAAQ,wBAAwB;AAClC,cAAM,eAAe,MAAM,QAAQ,QAAQ,sBAAsB,IAC7D,QAAQ,uBAAuB,CAAC,IAChC,QAAQ;AAEZ,YAAI,OAAO,iBAAiB,UAAU;AACpC,kBAAQ;AACR,0BAAgB;AAAA,QAClB;AAAA,MACF,WAES,QAAQ,QAAQ,kBAAkB;AACzC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB,WAES,QAAQ,aAAa,MAAM;AAClC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB;AAAA,IACF,QACM;AAAA,IACN;AAAA,EACF;AAEA,QAAM,gBAAgB,MAAM,MAAM,0BAA0B;AAAA,IAC1D,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,SAAwB;AAC5B,MAAI,cAAc,IAAI;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAM,SAAS,IAAI,WAAW;AAC9B,YAAM,iBAAiB,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9D,eAAO,YAAY,MAAM,QAAQ,OAAO,MAAgB;AACxD,eAAO,UAAU;AACjB,eAAO,cAAc,IAAI;AAAA,MAC3B,CAAC;AACD,eAAS,MAAM;AAAA,IACjB,QACM;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb,MAAM,SAAS;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,UAAU,QAAqD;AAC7E,QAAM,SAAS,OAAO,UAAU;AAEhC,QAAM,UAAU,qCAAqC,MAAM;AAC3D,QAAM,WAAW,qCAAqC,MAAM;AAE5D,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW;AAC5F,YAAM,MAAM,MAAM,OAAO,+BAA+B,SAAS,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AACtH,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,UAAU,MAAM,YAAY;AAClF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,GAAG,OAAO,QAAQ,CAAC;AACjE,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,QACf,QAAQ,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW,GAAG,KAAK,GAAG;AAAA,MAC/E,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,UAAU;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;","names":["CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,
|
|
1
|
+
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAmB,MAAM,UAAU,CAAA;AAmC7F,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,QAAQ,CAAC,CA2D3E"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,
|
|
1
|
+
{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAmB,MAAM,UAAU,CAAA;AAS7F,UAAU,eAAgB,SAAQ,mBAAmB;IACnD,MAAM,CAAC,EAAE,QAAQ,GAAG,eAAe,GAAG,WAAW,GAAG,MAAM,CAAA;CAC3D;AAiGD,wBAAgB,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,aAAa,CAAC,WAAW,CAAC,CAiE7E"}
|
|
@@ -15,9 +15,9 @@ type AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof c
|
|
|
15
15
|
* ```
|
|
16
16
|
*/
|
|
17
17
|
export declare function SolidAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>): {
|
|
18
|
-
GET: (event: any) => Promise<
|
|
19
|
-
POST: (event: any) => Promise<
|
|
20
|
-
OPTIONS: (event: any) => Promise<
|
|
18
|
+
GET: (event: any) => Promise<Response>;
|
|
19
|
+
POST: (event: any) => Promise<Response>;
|
|
20
|
+
OPTIONS: (event: any) => Promise<Response>;
|
|
21
21
|
};
|
|
22
22
|
/**
|
|
23
23
|
* Creates a SolidStart-compatible getSession resolver to validate a session from a Request.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as n,parseCookies as o}from"../../chunk-
|
|
1
|
+
import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as n,parseCookies as o}from"../../chunk-SLSEX3Y5.js";import s from"process";function i(e){const r="providerMap"in e&&"signJWT"in e?e:t(e);r.development="development"===s.env.NODE_ENV;const o=n(r),i=e=>o(e.request);return{GET:i,POST:i,OPTIONS:i}}function a(t){return async function(n){let s=o(n.headers.get("Cookie")).get(r);if(!s){const e=n.headers.get("Authorization");e?.startsWith("Bearer ")&&(s=e.substring(7))}const i=Array.from(t.providerMap.keys());if(!s)return{...e,providers:i};try{const r=await t.validateSession(s);return r?{...r,providers:i}:{...e,providers:i}}catch{return{...e,providers:i}}}}function c(e,r){const n=a("providerMap"in r&&"signJWT"in r?r:t(r));return async r=>{const t=new URL(r.request.url);if("boolean"==typeof e?e:e.includes(t.pathname)){const e=await n(r.request);return void(r.locals.getSession=async()=>e)}r.locals.getSession=()=>n(r.request)}}export{i as SolidAuth,c as authMiddleware,a as createSolidStartGetSession};//# sourceMappingURL=index.js.map
|
|
@@ -16,9 +16,9 @@ type AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof c
|
|
|
16
16
|
* ```
|
|
17
17
|
*/
|
|
18
18
|
export declare function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>): {
|
|
19
|
-
GET: (event: RequestEvent<Record<string, string>, string | null>) => Promise<
|
|
20
|
-
POST: (event: RequestEvent<Record<string, string>, string | null>) => Promise<
|
|
21
|
-
OPTIONS: (event: RequestEvent<Record<string, string>, string | null>) => Promise<
|
|
19
|
+
GET: (event: RequestEvent<Record<string, string>, string | null>) => Promise<Response>;
|
|
20
|
+
POST: (event: RequestEvent<Record<string, string>, string | null>) => Promise<Response>;
|
|
21
|
+
OPTIONS: (event: RequestEvent<Record<string, string>, string | null>) => Promise<Response>;
|
|
22
22
|
handle: Handle;
|
|
23
23
|
};
|
|
24
24
|
export {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as s,parseCookies as n}from"../../chunk-
|
|
1
|
+
import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as s,parseCookies as n}from"../../chunk-SLSEX3Y5.js";function o(o){const i="providerMap"in o&&"signJWT"in o?o:t(o);(async()=>{try{i.development=(await import("$app/environment")).dev}catch{i.development=!1}})();const a=s(i),c=e=>a(e.request);return{GET:c,POST:c,OPTIONS:c,handle:async({event:t,resolve:s})=>(t.locals.getSession=async()=>{let s=n(t.request.headers.get("Cookie")).get(r);if(!s){const e=t.request.headers.get("Authorization");e?.startsWith("Bearer ")&&(s=e.substring(7))}const o=Array.from(i.providerMap.keys());if(!s)return{...e,providers:o};try{const r=await i.validateSession(s);return r?{...r,providers:o}:{...e,providers:o}}catch{return{...e,providers:o}}},s(t))}}export{o as SvelteKitAuth};//# sourceMappingURL=index.js.map
|
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rttnd/gau",
|
|
3
3
|
"type": "module",
|
|
4
|
-
"version": "0.
|
|
5
|
-
"packageManager": "bun@1.2.
|
|
4
|
+
"version": "0.4.0",
|
|
5
|
+
"packageManager": "bun@1.2.21",
|
|
6
6
|
"description": "gau is a delightful auth library",
|
|
7
7
|
"license": "MIT",
|
|
8
8
|
"homepage": "https://github.com/Rettend/gau#readme",
|
|
@@ -140,17 +140,17 @@
|
|
|
140
140
|
"esm-env": "^1.2.2"
|
|
141
141
|
},
|
|
142
142
|
"devDependencies": {
|
|
143
|
-
"@antfu/eslint-config": "^5.2.
|
|
144
|
-
"@libsql/client": "^0.15.
|
|
143
|
+
"@antfu/eslint-config": "^5.2.2",
|
|
144
|
+
"@libsql/client": "^0.15.14",
|
|
145
145
|
"@types/better-sqlite3": "^7.6.13",
|
|
146
|
-
"@types/bun": "^1.2.
|
|
147
|
-
"@types/node": "^24.3.
|
|
146
|
+
"@types/bun": "^1.2.21",
|
|
147
|
+
"@types/node": "^24.3.1",
|
|
148
148
|
"@vitest/coverage-v8": "^3.2.4",
|
|
149
149
|
"@vitest/ui": "^3.2.4",
|
|
150
150
|
"better-sqlite3": "^12.2.0",
|
|
151
151
|
"bumpp": "^10.2.3",
|
|
152
152
|
"drizzle-kit": "^0.31.4",
|
|
153
|
-
"eslint": "^9.
|
|
153
|
+
"eslint": "^9.34.0",
|
|
154
154
|
"vitest": "^3.2.4"
|
|
155
155
|
}
|
|
156
156
|
}
|
package/dist/chunk-BU67DYGK.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
import{createJWTSignatureMessage as e,encodeJWT as t,JWSRegisteredHeaders as r,JWTRegisteredClaims as n,parseJWT as s}from"@oslojs/jwt";import{parse as o,serialize as i}from"cookie";var a={path:"/",sameSite:"lax",secure:!0,httpOnly:!0};function c(e){const t=new Map;if(e){const r=o(e);for(const e in r)t.set(e,r[e])}return t}var l=class{constructor(e,t){this.requestCookies=e,this.defaultOptions=t}#e=[];get(e){return this.requestCookies.get(e)}set(e,t,r){const n={...this.defaultOptions,...r};this.#e.push([e,t,n])}delete(e,t){this.set(e,"",{...t,expires:new Date(0),maxAge:0})}toHeaders(){const e=new Headers;for(const[t,r,n]of this.#e)e.append("Set-Cookie",i(t,r,n));return e}},u="__gau-csrf-token",d="__gau-session-token",h="__gau-session-strategy",f="__gau-linking-token",g="__gau-pkce-code-verifier",p="__gau-callback-uri",w=600;function m({adapter:e,providers:t,basePath:r="/api/auth",jwt:n={},session:s={},cookies:o={},trustHosts:i=[],autoLink:c="verifiedEmail"}){const{algorithm:l="ES256",secret:u,iss:d,aud:h,ttl:f=86400}=n,g={...a,...o},p=s.strategy??"auto";if("ES256"===l&&void 0!==u&&"string"!=typeof u)throw new M("For ES256, the secret option must be a string.");const w=new Map(t.map(e=>[e.id,e]));async function m(e,t={}){return N(e,function(e={}){const t={ttl:e.ttl,iss:e.iss??d,aud:e.aud??h,sub:e.sub};if("HS256"===l)return{algorithm:l,secret:e.secret??u,...t};{if(void 0!==e.secret&&"string"!=typeof e.secret)throw new M("For ES256, the secret option must be a string.");const r=e.secret??u;return{algorithm:l,privateKey:e.privateKey,secret:r,...t}}}(t))}async function y(e,t={}){const r=function(e={}){const t={iss:e.iss??d,aud:e.aud??h};if("HS256"===l)return{algorithm:l,secret:e.secret??u,...t};{if(void 0!==e.secret&&"string"!=typeof e.secret)throw new M("For ES256, the secret option must be a string.");const r=e.secret??u;return{algorithm:l,publicKey:e.publicKey,secret:r,...t}}}(t);try{return await F(e,r)}catch{return null}}return{...e,providerMap:w,basePath:r,cookieOptions:g,jwt:{ttl:f},signJWT:m,verifyJWT:y,createSession:async function(e,t={},r=f){return m({sub:e,...t},{ttl:r})},validateSession:async function(t){const r=await y(t);if(!r)return null;const n=await e.getUserAndAccounts(r.sub);if(!n)return null;const{user:s,accounts:o}=n;return{user:s,session:{id:t,...r},accounts:o}},trustHosts:i,autoLink:c,sessionStrategy:p,development:!1}}async function y(e,t,r){const n=t.providerMap.get(r);if(!n)return R({error:"Provider not found"},{status:400});const s=new URL(e.url),o=s.searchParams.get("code"),i=s.searchParams.get("state");if(!o||!i)return R({error:"Missing code or state"},{status:400});const a=c(e.headers.get("Cookie")),h=new l(a,t.cookieOptions);let w,m="/";if(i.includes(".")){const[e,t]=i.split(".");w=e;try{m=atob(t??"")||"/"}catch{m="/"}}else w=i;const y=h.get(u);if(!y||y!==w)return R({error:"Invalid CSRF token"},{status:403});const v=h.get(g);if(!v)return R({error:"Missing PKCE code verifier"},{status:400});const S=h.get(p),A=h.get(f);A&&h.delete(f);const k=!!A;if(k){if(!await t.validateSession(A)){h.delete(u),h.delete(g),S&&h.delete(p);const e=L(m);return h.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}}const{user:b,tokens:E}=await n.validateCallback(o,v,S??void 0);let C=null;const U=await t.getUserByAccount(r,b.id);if(k){if(C=(await t.validateSession(A)).user,!C)return R({error:"User not found"},{status:404});if(U&&U.id!==C.id)return R({error:"Account already linked to another user"},{status:409})}else C=U;if(!C){const e=t.autoLink??"verifiedEmail";if(b.email&&("always"===e||"verifiedEmail"===e&&!0===b.emailVerified)){const e=await t.getUserByEmail(b.email);e&&(C=b.emailVerified&&!e.emailVerified?await t.updateUser({id:e.id,emailVerified:!0}):e)}if(!C)try{C=await t.createUser({name:b.name,email:b.email,image:b.avatar,emailVerified:b.emailVerified})}catch(e){return console.error("Failed to create user:",e),R({error:"Failed to create user"},{status:500})}}if(C&&b.email){const{email:e,emailVerified:r}=C,{email:n,emailVerified:s}=b,o={id:C.id};let i=!1;if(e?e!==n||!0!==s||r||(o.emailVerified=!0,i=!0):(o.email=n,o.emailVerified=s??!1,i=!0),i)try{C=await t.updateUser(o)}catch(e){console.error("Failed to update user after sign-in:",e)}}if(!U){let e,n,s;try{e=E.refreshToken()}catch{e=null}try{const e=E.accessTokenExpiresAt();e&&(n=Math.floor(e.getTime()/1e3))}catch{}try{s=E.idToken()}catch{s=null}try{await t.linkAccount({userId:C.id,provider:r,providerAccountId:b.id,accessToken:E.accessToken(),refreshToken:e,expiresAt:n,tokenType:E.tokenType?.()??null,scope:E.scopes()?.join(" ")??null,idToken:s})}catch(e){return console.error("Error linking account:",e),R({error:"Failed to link account"},{status:500})}}const T=await t.createSession(C.id),H=new URL(e.url),P=new URL(m,e.url),x="token"===t.sessionStrategy,O="cookie"===t.sessionStrategy,M="gau:"===P.protocol,I=H.host!==P.host;if(x||!O&&(M||I)){const e=new URL(P);e.hash=`token=${T}`;const t=`<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta charset="utf-8" />\n <title>Authentication Complete</title>\n <style>\n body {\n font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";\n background-color: #09090b;\n color: #fafafa;\n display: flex;\n justify-content: center;\n align-items: center;\n height: 100vh;\n margin: 0;\n text-align: center;\n }\n .card {\n background-color: #18181b;\n border: 1px solid #27272a;\n border-radius: 0.75rem;\n padding: 2rem;\n max-width: 320px;\n }\n h1 {\n font-size: 1.25rem;\n font-weight: 600;\n margin: 0 0 0.5rem;\n }\n p {\n margin: 0;\n color: #a1a1aa;\n }\n </style>\n <script>\n window.onload = function() {\n const url = ${JSON.stringify(e.toString())};\n window.location.href = url;\n setTimeout(window.close, 500);\n };\n <\/script>\n</head>\n<body>\n <div class="card">\n <h1>Authentication Successful</h1>\n <p>You can now close this window.</p>\n </div>\n</body>\n</html>`;h.delete(u),h.delete(g),S&&h.delete(p);const r=new Response(t,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return h.toHeaders().forEach((e,t)=>{r.headers.append(t,e)}),r}h.set(d,T,{maxAge:t.jwt.ttl,sameSite:t.development?"lax":"none",secure:!t.development}),h.delete(u),h.delete(g),S&&h.delete(p);let N;if("false"===s.searchParams.get("redirect")){const e=await t.getAccounts(C.id);N=R({user:{...C,accounts:e}})}else N=L(m);return h.toHeaders().forEach((e,t)=>{N.headers.append(t,e)}),N}function v(e,t){const r=e.headers.get("Origin")||e.headers.get("origin");return r?(t.headers.set("Access-Control-Allow-Origin",r),t.headers.set("Vary","Origin"),t.headers.set("Access-Control-Allow-Credentials","true"),t.headers.set("Access-Control-Allow-Headers","Content-Type, Authorization, Cookie"),t.headers.set("Access-Control-Allow-Methods","GET, POST, OPTIONS"),t):t}function S(e){const t=e.headers.get("Origin")||e.headers.get("origin")||"*";return new Response(null,{status:204,headers:{"Access-Control-Allow-Origin":t,"Access-Control-Allow-Credentials":"true","Access-Control-Allow-Headers":"Content-Type, Authorization, Cookie","Access-Control-Allow-Methods":"GET, POST, OPTIONS"}})}import{generateCodeVerifier as A,generateState as k}from"arctic";function b(e,t,r){if("all"===t)return!0;const n=e.headers.get("origin");if(!n)return!1;let s;try{s=new URL(n).host}catch{return!1}if(r){if(s.startsWith("localhost")||s.startsWith("127.0.0.1"))return!0}const o=new URL(e.url),i=o.host;return n===`${o.protocol}//${i}`||t.includes(s)}async function E(e,t,r,n){const s=t.providerMap.get(r);if(!s)return R({error:"Provider not found"},{status:400});const{state:o,codeVerifier:i}={state:k(),codeVerifier:A()},a=new URL(e.url),d=a.searchParams.get("redirectTo");if(d){let r;try{if(d.startsWith("//"))throw new Error("Protocol-relative URL not allowed");r=new URL(d,a.origin)}catch{return R({error:'Invalid "redirectTo" URL'},{status:400})}const n=r.host,s=n===new URL(e.url).host,o="all"===t.trustHosts||t.trustHosts.includes(n);if(("http:"===r.protocol||"https:"===r.protocol)&&!s&&!o)return R({error:"Untrusted redirect host"},{status:400})}const h=d?`${o}.${btoa(d)}`:o;let w,m=a.searchParams.get("callbackUri");!m&&s.requiresRedirectUri&&(m=`${a.origin}${t.basePath}/${r}/callback`);try{w=await s.getAuthorizationUrl(h,i,{redirectUri:m??void 0})}catch(e){console.error("Error getting authorization URL:",e),w=null}if(!w)return R({error:"Could not create authorization URL"},{status:500});const y=c(e.headers.get("Cookie")),v=new l(y,t.cookieOptions),S={maxAge:600,sameSite:t.development?"lax":"none",secure:!t.development};v.set(u,o,S),v.set(g,i,S),n&&v.set(f,n,S),m&&v.set(p,m,S);if("false"===a.searchParams.get("redirect")){const e=R({url:w.toString()});return v.toHeaders().forEach((t,r)=>{e.headers.append(r,t)}),e}const b=L(w.toString());return v.toHeaders().forEach((e,t)=>{b.headers.append(t,e)}),b}async function C(e,t,r){const n=new URL(e.url);let s=c(e.headers.get("Cookie")).get(d);if(!s){const t=e.headers.get("Authorization");t?.startsWith("Bearer ")&&(s=t.substring(7))}if(s||(s=n.searchParams.get("token")??void 0),!s)return R({error:"Unauthorized"},{status:401});if(!await t.validateSession(s))return R({error:"Unauthorized"},{status:401});n.searchParams.delete("token");return E(new Request(n.toString(),e),t,r,s)}async function U(e,t,r){let n=c(e.headers.get("Cookie")).get(d);if(!n){const t=e.headers.get("Authorization");t?.startsWith("Bearer ")&&(n=t.substring(7))}if(!n)return R({error:"Unauthorized"},{status:401});const s=await t.validateSession(n);if(!s||!s.user)return R({error:"Unauthorized"},{status:401});const o=s.accounts??[];if(o.length<=1)return R({error:"Cannot unlink the last account"},{status:400});const i=o.find(e=>e.provider===r);if(!i)return R({error:`Provider "${r}" not linked to this account`},{status:400});await t.unlinkAccount(r,i.providerAccountId);if((await t.getAccounts(s.user.id)).length>0&&s.user.email)try{await t.updateUser({id:s.user.id,email:null,emailVerified:!1})}catch(e){console.error("Failed to clear stale email after unlinking:",e)}return R({message:"Account unlinked successfully"})}async function T(e,t,r){return E(e,t,r,null)}async function H(e,t){const r=c(e.headers.get("Cookie")),n=new l(r,t.cookieOptions);n.delete(d,{sameSite:t.development?"lax":"none",secure:!t.development});const s=R({message:"Signed out"});return n.toHeaders().forEach((e,t)=>{s.headers.append(t,e)}),s}async function P(e,t){let r=c(e.headers.get("Cookie")).get(d);if(!r){const t=e.headers.get("Authorization");t?.startsWith("Bearer ")&&(r=t.substring(7))}const n=Array.from(t.providerMap.keys());if(!r)return R({...O,providers:n});try{const e=await t.validateSession(r);return e?R({...e,providers:n}):R({...O,providers:n},{status:401})}catch(e){return console.error("Error validating session:",e),R({error:"Failed to validate session"},{status:500})}}function x(e){const{basePath:t}=e;return async function(r){if("OPTIONS"===r.method)return S(r);const n=new URL(r.url);if(!n.pathname.startsWith(t))return v(r,R({error:"Not Found"},{status:404}));if("POST"===r.method&&!b(r,e.trustHosts,e.development)){if(e.development){const e=r.headers.get("origin")??"N/A";return v(r,R({error:"Forbidden",message:`Untrusted origin: '${e}'. Add this origin to 'trustHosts' in createAuth() or ensure you are using 'localhost' or '127.0.0.1' for development.`},{status:403}))}return v(r,R({error:"Forbidden"},{status:403}))}const s=n.pathname.substring(t.length).split("/").filter(Boolean),o=s[0];if(!o)return v(r,R({error:"Not Found"},{status:404}));let i;return i="GET"===r.method?"session"===o?await P(r,e):2===s.length&&"link"===s[0]?await C(r,e,s[1]):2===s.length&&"callback"===s[1]?await y(r,e,o):1===s.length?await T(r,e,o):R({error:"Not Found"},{status:404}):"POST"===r.method?1===s.length&&"signout"===o?await H(r,e):2===s.length&&"unlink"===s[0]?await U(r,e,s[1]):R({error:"Not Found"},{status:404}):R({error:"Method Not Allowed"},{status:405}),v(r,i)}}var O={user:null,session:null,accounts:null},M=class extends Error{cause;constructor(e,t){super(e),this.name="AuthError",this.cause=t}};function R(e,t={}){const r=new Headers(t.headers);return r.has("Content-Type")||r.set("Content-Type","application/json; charset=utf-8"),new Response(JSON.stringify(e),{...t,headers:r})}function L(e,t=302){return new Response(null,{status:t,headers:{Location:e}})}async function I(e){try{const t=function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"=");try{const e=atob(n),t=e.length,r=new Uint8Array(t);for(let n=0;n<t;n++)r[n]=e.charCodeAt(n);return r}catch{throw new M("Invalid base64url string")}}(e),r=await crypto.subtle.importKey("pkcs8",t.slice(),{name:"ECDSA",namedCurve:"P-256"},!0,["sign"]),n=await crypto.subtle.exportKey("jwk",r);delete n.d,n.key_ops=["verify"];return{privateKey:r,publicKey:await crypto.subtle.importKey("jwk",n,{name:"ECDSA",namedCurve:"P-256"},!0,["verify"])}}catch(e){if(e instanceof M)throw e;throw new M("Invalid secret. Must be a base64url-encoded PKCS#8 private key for ES256. Use `bunx gau secret` to generate one.",e)}}async function N(r,n={}){let{algorithm:s="ES256",ttl:o,iss:i,aud:a,sub:c,privateKey:l,secret:u}=n;if("ES256"===s){if(!l){if("string"!=typeof u)throw new M("Missing secret for ES256 signing. It must be a base64url-encoded string.");({privateKey:l}=await I(u))}}else if("HS256"===s&&!u)throw new M("Missing secret for HS256 signing");const d=Math.floor(Date.now()/1e3),h={iat:d,iss:i,aud:a,sub:c,...r};null!=o&&o>0&&(h.exp=d+o);const f="HS256"===s,g=f?"HS256":"ES256",p=JSON.stringify({alg:g,typ:"JWT"}),w=JSON.stringify(h),m=e(p,w);let y;if(f){const e="string"==typeof u?(new TextEncoder).encode(u):u,t=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign"]);y=new Uint8Array(await crypto.subtle.sign("HMAC",t,m))}else y=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},l,m));return t(p,w,y)}async function F(e,t){let{algorithm:o="ES256",publicKey:i,secret:a,iss:c,aud:l}=t;if("ES256"===o&&!i){if("string"!=typeof a)throw new M("Missing secret for ES256 verification. Must be a base64url-encoded string.");({publicKey:i}=await I(a))}if("HS256"===o&&!a)throw new M("Missing secret for HS256 verification");const[u,d,h,f]=s(e),g=new r(u).algorithm();let p=!1;if("HS256"===o){if("HS256"!==g)throw new Error(`JWT algorithm is "${g}", but verifier was configured for "HS256"`);const e="string"==typeof a?(new TextEncoder).encode(a):a,t=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign"]);p=function(e,t){let r=e.length^t.length;const n=Math.max(e.length,t.length);for(let s=0;s<n;s++)r|=(e[s]??0)^(t[s]??0);return 0===r}(new Uint8Array(await crypto.subtle.sign("HMAC",t,f)),new Uint8Array(h))}else{if("ES256"!==g)throw new M(`JWT algorithm is "${g}", but verifier was configured for "ES256"`);const e=new Uint8Array(h);if(p=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,e,f),!p&&64===e.length)try{const t=function(e){if(64!==e.length)throw new Error("Invalid raw signature length");let t=e.slice(0,32),r=e.slice(32),n=0;for(;n<t.length-1&&0===t[n];)n++;t=t.slice(n);let s=0;for(;s<r.length-1&&0===r[s];)s++;if(r=r.slice(s),t.length>0&&128&t[0]){const e=new Uint8Array(t.length+1);e[0]=0,e.set(t,1),t=e}if(r.length>0&&128&r[0]){const e=new Uint8Array(r.length+1);e[0]=0,e.set(r,1),r=e}const o=t.length,i=r.length,a=2+o+2+i,c=new Uint8Array(2+a);return c[0]=48,c[1]=a,c[2]=2,c[3]=o,c.set(t,4),c[4+o]=2,c[5+o]=i,c.set(r,6+o),c}(e);p=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,t,f)}catch{p=!1}}if(!p)throw new M("Invalid JWT signature");const w=new n(d);if(w.hasExpiration()&&!w.verifyExpiration())throw new M("JWT expired");if(w.hasNotBefore()&&!w.verifyNotBefore())throw new M("JWT not yet valid");if(c&&d.iss!==c)throw new M("Invalid JWT issuer");if(l){const e=Array.isArray(l)?l:[l],t=d.aud?Array.isArray(d.aud)?d.aud:[d.aud]:[];if(!e.some(e=>t.includes(e)))throw new M("Invalid JWT audience")}return d}export{a as DEFAULT_COOKIE_SERIALIZE_OPTIONS,c as parseCookies,l as Cookies,u as CSRF_COOKIE_NAME,d as SESSION_COOKIE_NAME,h as SESSION_STRATEGY_COOKIE_NAME,f as LINKING_TOKEN_COOKIE_NAME,g as PKCE_COOKIE_NAME,p as CALLBACK_URI_COOKIE_NAME,w as CSRF_MAX_AGE,N as sign,F as verify,m as createAuth,y as handleCallback,v as applyCors,S as handlePreflight,b as verifyRequestOrigin,C as handleLink,U as handleUnlink,T as handleSignIn,H as handleSignOut,P as handleSession,x as createHandler,O as NULL_SESSION,M as AuthError,R as json,L as redirect};//# sourceMappingURL=chunk-BU67DYGK.js.map
|