@rttnd/gau 0.5.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/dist/chunk-AXVL3CPR.js +1 -0
  2. package/dist/chunk-AXVL3CPR.js.map +1 -0
  3. package/dist/chunk-PJCHBT42.js +1 -0
  4. package/dist/chunk-PJCHBT42.js.map +1 -0
  5. package/dist/chunk-YL3QRKSH.js +1 -0
  6. package/dist/chunk-YL3QRKSH.js.map +1 -0
  7. package/dist/src/adapters/drizzle/index.d.ts.map +1 -1
  8. package/dist/src/adapters/drizzle/index.js +1 -1
  9. package/dist/src/adapters/drizzle/mysql.d.ts +0 -1
  10. package/dist/src/adapters/drizzle/mysql.d.ts.map +1 -1
  11. package/dist/src/adapters/drizzle/pg.d.ts +27 -2
  12. package/dist/src/adapters/drizzle/pg.d.ts.map +1 -1
  13. package/dist/src/adapters/drizzle/sqlite.d.ts +8 -6
  14. package/dist/src/adapters/drizzle/sqlite.d.ts.map +1 -1
  15. package/dist/src/adapters/index.js +1 -1
  16. package/dist/src/client/solid/index.d.ts.map +1 -1
  17. package/dist/src/client/solid/index.jsx +6 -4
  18. package/dist/src/client/svelte/index.svelte.d.ts.map +1 -1
  19. package/dist/src/client/svelte/index.svelte.js +3 -1
  20. package/dist/src/client/svelte/index.svelte.js.map +1 -1
  21. package/dist/src/core/cookies.d.ts +1 -1
  22. package/dist/src/core/cookies.d.ts.map +1 -1
  23. package/dist/src/core/handlers/callback.d.ts.map +1 -1
  24. package/dist/src/core/handlers/index.js +1 -1
  25. package/dist/src/core/handlers/login.d.ts.map +1 -1
  26. package/dist/src/core/handlers/utils.d.ts.map +1 -1
  27. package/dist/src/core/index.d.ts +2 -2
  28. package/dist/src/core/index.d.ts.map +1 -1
  29. package/dist/src/core/index.js +1 -1
  30. package/dist/src/index.js +1 -1
  31. package/dist/src/jwt/index.js +1 -1
  32. package/dist/src/oauth/index.d.ts +2 -0
  33. package/dist/src/oauth/index.d.ts.map +1 -1
  34. package/dist/src/oauth/index.js +1 -1
  35. package/dist/src/oauth/index.js.map +1 -1
  36. package/dist/src/oauth/providers/discord.d.ts +3 -0
  37. package/dist/src/oauth/providers/discord.d.ts.map +1 -0
  38. package/dist/src/oauth/providers/facebook.d.ts +3 -0
  39. package/dist/src/oauth/providers/facebook.d.ts.map +1 -0
  40. package/dist/src/oauth/providers/microsoft.d.ts +0 -1
  41. package/dist/src/oauth/providers/microsoft.d.ts.map +1 -1
  42. package/dist/src/runtimes/index.js +1 -1
  43. package/dist/src/runtimes/tauri/index.js +1 -1
  44. package/dist/src/solidstart/index.js +1 -1
  45. package/dist/src/sveltekit/index.js +1 -1
  46. package/package.json +17 -11
  47. package/dist/chunk-3NKNADKP.js +0 -1
  48. package/dist/chunk-3NKNADKP.js.map +0 -1
  49. package/dist/chunk-GV4FQQFM.js +0 -1
  50. package/dist/chunk-GV4FQQFM.js.map +0 -1
  51. package/dist/chunk-Z35ZTMGZ.js +0 -1
  52. package/dist/chunk-Z35ZTMGZ.js.map +0 -1
package/dist/src/client/svelte/index.svelte.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/client/svelte/index.svelte.ts","../../../../src/core/cookies.ts","../../../../src/jwt/jwt.ts","../../../../src/oauth/utils.ts","../../../../src/core/index.ts","../../../../src/runtimes/tauri/index.ts","../../../../src/client/token.ts"],"sourcesContent":["import type { GauSession, ProfileName, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { getContext, setContext } from 'svelte'\nimport { NULL_SESSION } from '../../core'\nimport { handleTauriDeepLink, isTauri, linkAccountWithTauri, setupTauriListener, signInWithTauri } from '../../runtimes/tauri'\nimport { clearSessionToken, getSessionToken, storeSessionToken } from '../token'\n\ninterface AuthContextValue<TAuth = unknown> {\n session: GauSession<ProviderIds<TAuth>>\n signIn: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n linkAccount: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>\n signOut: () => Promise<void>\n}\n\nconst AUTH_CONTEXT_KEY = Symbol('gau-auth')\n\nexport function createSvelteAuth<const TAuth = unknown>({\n baseUrl = '/api/auth',\n scheme = 'gau',\n redirectTo: defaultRedirectTo,\n}: {\n baseUrl?: string\n scheme?: string\n redirectTo?: string\n} = {}) {\n type CurrentSession = GauSession<ProviderIds<TAuth>>\n let session = $state<CurrentSession>({ ...NULL_SESSION, providers: [] })\n\n async function fetchSession() {\n if (!BROWSER) {\n session = { ...NULL_SESSION, providers: [] }\n return\n }\n\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? { headers } : { credentials: 'include' })\n\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json')) {\n session = await res.json()\n }\n else {\n session = {\n ...NULL_SESSION,\n providers: [] as ProviderIds<TAuth>[],\n }\n }\n }\n\n async function signIn<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (isTauri()) {\n await signInWithTauri(provider as string, baseUrl, scheme, finalRedirectTo, profile as string | undefined)\n }\n else {\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.origin\n\n const params = new URLSearchParams()\n if (finalRedirectTo)\n params.set('redirectTo', finalRedirectTo)\n if (profile)\n params.set('profile', String(profile))\n const q = params.toString()\n window.location.href = `${baseUrl}/${provider as string}${q ? `?${q}` : ''}`\n }\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n if (isTauri()) {\n await linkAccountWithTauri(provider as string, baseUrl, scheme, redirectTo, profile as string | undefined)\n return\n }\n\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.href\n\n const params = new URLSearchParams()\n if (finalRedirectTo)\n params.set('redirectTo', finalRedirectTo)\n if (profile)\n params.set('profile', String(profile))\n params.set('redirect', 'false')\n const linkUrl = `${baseUrl}/link/${provider as string}?${params.toString()}`\n\n const token = getSessionToken()\n\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(linkUrl, fetchOptions)\n if (res.redirected) {\n window.location.href = res.url\n }\n else {\n try {\n const data = await res.json()\n if (data.url)\n window.location.href = data.url\n }\n catch (e) {\n console.error('Failed to parse response from link endpoint', e)\n }\n }\n }\n\n async function unlinkAccount(provider: ProviderIds<TAuth>) {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(`${baseUrl}/unlink/${provider as string}`, {\n method: 'POST',\n ...fetchOptions,\n })\n\n if (res.ok)\n await fetchSession()\n else\n console.error('Failed to unlink account', await res.json())\n }\n\n async function signOut() {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await fetchSession()\n }\n\n if (BROWSER) {\n const hash = new URL(window.location.href).hash.substring(1)\n const params = new URLSearchParams(hash)\n const tokenFromUrl = params.get('token')\n\n if (tokenFromUrl) {\n storeSessionToken(tokenFromUrl)\n void (async () => {\n let replaceUrl: (url: string) => void = url => window.history.replaceState(null, '', url)\n try {\n const navPath = '$' + 'app/navigation'\n const { replaceState } = await import(navPath)\n replaceUrl = url => replaceState(url, {})\n }\n catch {}\n\n replaceUrl(window.location.pathname + window.location.search)\n await fetchSession()\n })()\n }\n else {\n fetchSession()\n }\n }\n\n $effect(() => {\n if (!BROWSER || !isTauri())\n return\n\n let cleanup: (() => void) | void\n let disposed = false\n\n setupTauriListener(async (url) => {\n handleTauriDeepLink(url, baseUrl, scheme, async (token) => {\n storeSessionToken(token)\n await fetchSession()\n })\n }).then((unlisten) => {\n if (disposed)\n unlisten?.()\n else\n cleanup = unlisten\n })\n\n return () => {\n disposed = true\n cleanup?.()\n }\n })\n\n const contextValue: AuthContextValue<TAuth> = {\n get session() {\n return session\n },\n signIn,\n linkAccount,\n unlinkAccount: unlinkAccount as (provider: ProviderIds<TAuth>) => Promise<void>,\n signOut,\n }\n\n setContext(AUTH_CONTEXT_KEY, contextValue)\n}\n\nexport function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth> {\n const context = getContext<AuthContextValue<TAuth>>(AUTH_CONTEXT_KEY)\n if (!context)\n throw new Error('useAuth must be used within an AuthProvider')\n\n return context\n}\n","import type { SerializeOptions } from 'cookie'\nimport { parse, serialize } from 'cookie'\n\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = {\n path: '/',\n sameSite: 'lax',\n secure: true,\n httpOnly: true,\n}\n\nexport type Cookie = [string, string, SerializeOptions]\n\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\n const cookies = new Map<string, string>()\n if (cookieHeader) {\n const parsed = parse(cookieHeader)\n for (const name in parsed)\n cookies.set(name, parsed[name]!)\n }\n return cookies\n}\n\nexport class Cookies {\n #new: Cookie[] = []\n\n constructor(\n private readonly requestCookies: Map<string, string>,\n private readonly defaultOptions: SerializeOptions,\n ) {}\n\n get(name: string): string | undefined {\n return this.requestCookies.get(name)\n }\n\n set(name: string, value: string, options?: SerializeOptions): void {\n const combinedOptions = { ...this.defaultOptions, ...options }\n this.#new.push([name, value, combinedOptions])\n }\n\n delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\n this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\n }\n\n toHeaders(): Headers {\n const headers = new Headers()\n for (const [name, value, options] of this.#new)\n headers.append('Set-Cookie', serialize(name, value, options))\n\n return headers\n }\n}\n\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\nexport const SESSION_STRATEGY_COOKIE_NAME = '__gau-session-strategy'\nexport const LINKING_TOKEN_COOKIE_NAME = '__gau-linking-token'\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\nexport const PROVIDER_OPTIONS_COOKIE_NAME = '__gau-provider-options'\n\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\n","/// <reference types=\"node\" />\nimport {\n createJWTSignatureMessage,\n encodeJWT,\n JWSRegisteredHeaders,\n JWTRegisteredClaims,\n parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n /** Time-to-live in seconds (exp claim). If omitted the token will not expire. */\n ttl?: number\n}\n\nexport type SignOptions\n = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n if (algorithm === 'ES256') {\n if (!privateKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n ({ privateKey } = await deriveKeysFromSecret(secret))\n }\n }\n else if (algorithm === 'HS256' && !secret) {\n throw new AuthError('Missing secret for HS256 signing')\n }\n\n const now = Math.floor(Date.now() / 1000)\n\n const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n if (ttl != null && ttl > 0)\n jwtPayload.exp = now + ttl\n\n const isHS256 = algorithm === 'HS256'\n const alg: SupportedAlgorithm = isHS256 ? 'HS256' : 'ES256'\n\n const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n const payloadJSON = JSON.stringify(jwtPayload)\n\n const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n let signature: Uint8Array\n\n if (isHS256) {\n // HS256 (HMAC-SHA256)\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n }\n else {\n // ES256 (ECDSA-SHA256)\n // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n signature = new Uint8Array(\n await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey!,\n signatureMessage as BufferSource,\n ),\n )\n }\n\n return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n if (algorithm === 'ES256') {\n if (!publicKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 verification. Must be a base64url-encoded string.');\n\n ({ publicKey } = await deriveKeysFromSecret(secret))\n }\n }\n\n if (algorithm === 'HS256' && !secret)\n throw new AuthError('Missing secret for HS256 verification')\n\n const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n const headerParams = new JWSRegisteredHeaders(header)\n const headerAlg = headerParams.algorithm()\n\n let validSignature = false\n\n // HS256 verification path\n if (algorithm === 'HS256') {\n if (headerAlg !== 'HS256')\n throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n }\n // ES256 verification path (default)\n else {\n if (headerAlg !== 'ES256')\n throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n const signatureBytes = new Uint8Array(signature)\n\n // Runtimes like Node.js return DER-encoded signatures. Others (Bun) return raw (r||s).\n // We try DER first, as it's more common in Node environments.\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n signatureBytes as BufferSource,\n signatureMessage as BufferSource,\n )\n\n if (!validSignature && signatureBytes.length === 64) {\n // If DER verification fails and the signature is 64 bytes, it might be a raw signature.\n // Convert it to DER and try again.\n try {\n const derSig = rawToDer(signatureBytes)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n derSig as BufferSource,\n signatureMessage as BufferSource,\n )\n }\n catch {\n // rawToDer can throw if the signature is not 64 bytes, but we already checked.\n // This catch is for other unexpected errors.\n validSignature = false\n }\n }\n }\n\n if (!validSignature)\n throw new AuthError('Invalid JWT signature')\n\n const claims = new JWTRegisteredClaims(payload)\n if (claims.hasExpiration() && !claims.verifyExpiration())\n throw new AuthError('JWT expired')\n if (claims.hasNotBefore() && !claims.verifyNotBefore())\n throw new AuthError('JWT not yet valid')\n if (iss && (payload as any).iss !== iss)\n throw new AuthError('Invalid JWT issuer')\n\n if (aud) {\n const expectedAudience = Array.isArray(aud) ? aud : [aud]\n const tokenAudience = (payload as any).aud\n ? (Array.isArray((payload as any).aud) ? (payload as any).aud : [(payload as any).aud])\n : []\n\n if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n throw new AuthError('Invalid JWT audience')\n }\n\n return payload as T\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\n\nexport function createOAuthUris() {\n const state = generateState()\n const codeVerifier = generateCodeVerifier()\n\n return {\n state,\n codeVerifier,\n }\n}\n","export interface User {\n id: string\n name?: string | null\n email?: string | null\n emailVerified?: boolean | null\n image?: string | null\n role?: string | null\n}\n\nexport interface Session {\n id: string\n sub: string\n [key: string]: unknown\n}\n\nexport interface GauSession<TProviders extends string = string> {\n user: User | null\n session: Session | null\n accounts?: Account[] | null\n providers?: TProviders[]\n}\n\nexport const NULL_SESSION = {\n user: null,\n session: null,\n accounts: null,\n} as const\n\nexport interface NewUser extends Omit<User, 'id' | 'accounts'> {\n id?: string\n}\n\nexport interface Account {\n userId: string\n provider: string\n providerAccountId: string\n type?: string // e.g. \"oauth\"\n accessToken?: string | null\n refreshToken?: string | null\n expiresAt?: number | null // epoch seconds\n idToken?: string | null\n scope?: string | null\n tokenType?: string | null\n sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n getUser: (id: string) => Promise<User | null>\n getUserByEmail: (email: string) => Promise<User | null>\n getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n getAccounts: (userId: string) => Promise<Account[]>\n getUserAndAccounts: (userId: string) => Promise<{ user: User, accounts: Account[] } | null>\n createUser: (data: NewUser) => Promise<User>\n linkAccount: (data: NewAccount) => Promise<void>\n unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>\n updateAccount?: (data: Partial<Account> & { userId: string, provider: string, providerAccountId: string }) => Promise<void>\n updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n deleteUser: (id: string) => Promise<void>\n}\n\nexport class AuthError extends Error {\n override readonly cause?: unknown\n constructor(message: string, cause?: unknown) {\n super(message)\n this.name = 'AuthError'\n this.cause = cause\n }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n const headers = new Headers(init.headers)\n if (!headers.has('Content-Type'))\n headers.set('Content-Type', 'application/json; charset=utf-8')\n return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n return new Response(null, {\n status,\n headers: {\n Location: url,\n },\n })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\n","import { BROWSER } from 'esm-env'\nimport { getSessionToken } from '../../client/token'\n\nexport function isTauri(): boolean {\n return BROWSER && '__TAURI_INTERNALS__' in (globalThis as any)\n}\n\nexport async function signInWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: string,\n) {\n if (!isTauri())\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform() // platform is NO LONGER an async function\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n if (profile)\n params.set('profile', profile)\n const authUrl = `${baseUrl}/${provider}?${params.toString()}`\n await open(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n return\n\n const params = new URLSearchParams(parsed.hash.substring(1))\n const token = params.get('token')\n if (token)\n onToken(token)\n}\n\nexport async function linkAccountWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: string,\n) {\n if (!isTauri())\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { open } = await import('@tauri-apps/plugin-shell')\n\n const currentPlatform = platform()\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n params.set('token', token)\n if (profile)\n params.set('profile', profile)\n const linkUrl = `${baseUrl}/link/${provider}?${params.toString()}`\n await open(linkUrl)\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n"],"mappings":";AACA,SAAS,WAAAA,gBAAe;AACxB,SAAS,YAAY,kBAAkB;;;ACDvC,SAAS,OAAO,iBAAiB;AA2D1B,IAAM,eAAe,KAAK;;;AC3DjC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACPP,SAAS,sBAAsB,qBAAqB;;;ACsB7C,IAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AACZ;;;AC1BA,SAAS,WAAAC,gBAAe;;;ACAxB,SAAS,eAAe;AAEjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AACvC,aAAS,SAAS,uBAAuB,KAAK;AAAA,EAChD,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,WAAW;AACnC,aAAS,SAAS;AAAA,EACpB,QACM;AAAA,EAAC;AACT;;;ADvBO,SAAS,UAAmB;AACjC,SAAOC,YAAW,yBAA0B;AAC9C;AAEA,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,MAAI;AACF,WAAO,IAAI,WAAW,OAAO;AAC/B,QAAM,UAAU,GAAG,OAAO,IAAI,QAAQ,IAAI,OAAO,SAAS,CAAC;AAC3D,QAAM,KAAK,OAAO;AACpB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEO,SAAS,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AAClH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,GAAG,MAAM,OAAO,OAAO,WAAW,IAAI,IAAI,OAAO,EAAE;AACzE;AAEF,QAAM,SAAS,IAAI,gBAAgB,OAAO,KAAK,UAAU,CAAC,CAAC;AAC3D,QAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,MAAI;AACF,YAAQ,KAAK;AACjB;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,SAAO,IAAI,SAAS,KAAK;AACzB,MAAI;AACF,WAAO,IAAI,WAAW,OAAO;AAC/B,QAAM,UAAU,GAAG,OAAO,SAAS,QAAQ,IAAI,OAAO,SAAS,CAAC;AAChE,QAAM,KAAK,OAAO;AACpB;;;ALxFA,IAAM,mBAAmB,OAAO,UAAU;AAEnC,SAAS,iBAAwC;AAAA,EACtD,UAAU;AAAA,EACV,SAAS;AAAA,EACT,YAAY;AACd,IAII,CAAC,GAAG;AAEN,MAAI,UAAU,OAAuB,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE,CAAC;AAEvE,iBAAe,eAAe;AAC5B,QAAI,CAACC,UAAS;AACZ,gBAAU,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE;AAC3C;AAAA,IACF;AAEA,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAE9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB,GAAG;AAC7C,gBAAU,MAAM,IAAI,KAAK;AAAA,IAC3B,OACK;AACH,gBAAU;AAAA,QACR,GAAG;AAAA,QACH,WAAW,CAAC;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAqC,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AACvJ,QAAI,kBAAkB,cAAc;AACpC,QAAI,QAAQ,GAAG;AACb,YAAM,gBAAgB,UAAoB,SAAS,QAAQ,iBAAiB,OAA6B;AAAA,IAC3G,OACK;AACH,UAAI,CAAC,mBAAmBA;AACtB,0BAAkB,OAAO,SAAS;AAEpC,YAAM,SAAS,IAAI,gBAAgB;AACnC,UAAI;AACF,eAAO,IAAI,cAAc,eAAe;AAC1C,UAAI;AACF,eAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,YAAM,IAAI,OAAO,SAAS;AAC1B,aAAO,SAAS,OAAO,GAAG,OAAO,IAAI,QAAkB,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE;AAAA,IAC5E;AAAA,EACF;AAEA,iBAAe,YAA0C,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AAC5J,QAAI,QAAQ,GAAG;AACb,YAAM,qBAAqB,UAAoB,SAAS,QAAQ,YAAY,OAA6B;AACzG;AAAA,IACF;AAEA,QAAI,kBAAkB,cAAc;AACpC,QAAI,CAAC,mBAAmBA;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI;AACF,aAAO,IAAI,cAAc,eAAe;AAC1C,QAAI;AACF,aAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,WAAO,IAAI,YAAY,OAAO;AAC9B,UAAM,UAAU,GAAG,OAAO,SAAS,QAAkB,IAAI,OAAO,SAAS,CAAC;AAE1E,UAAM,QAAQ,gBAAgB;AAE9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,SAAS,YAAY;AAC7C,QAAI,IAAI,YAAY;AAClB,aAAO,SAAS,OAAO,IAAI;AAAA,IAC7B,OACK;AACH,UAAI;AACF,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,iBAAO,SAAS,OAAO,KAAK;AAAA,MAChC,SACO,GAAG;AACR,gBAAQ,MAAM,+CAA+C,CAAC;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,cAAc,UAA8B;AACzD,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAkB,IAAI;AAAA,MACjE,QAAQ;AAAA,MACR,GAAG;AAAA,IACL,CAAC;AAED,QAAI,IAAI;AACN,YAAM,aAAa;AAAA;AAEnB,cAAQ,MAAM,4BAA4B,MAAM,IAAI,KAAK,CAAC;AAAA,EAC9D;AAEA,iBAAe,UAAU;AACvB,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,aAAa;AAAA,EACrB;AAEA,MAAIA,UAAS;AACX,UAAM,OAAO,IAAI,IAAI,OAAO,SAAS,IAAI,EAAE,KAAK,UAAU,CAAC;AAC3D,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,eAAe,OAAO,IAAI,OAAO;AAEvC,QAAI,cAAc;AAChB,wBAAkB,YAAY;AAC9B,YAAM,YAAY;AAChB,YAAI,aAAoC,SAAO,OAAO,QAAQ,aAAa,MAAM,IAAI,GAAG;AACxF,YAAI;AACF,gBAAM,UAAU;AAChB,gBAAM,EAAE,aAAa,IAAI,MAAM,OAAO;AACtC,uBAAa,SAAO,aAAa,KAAK,CAAC,CAAC;AAAA,QAC1C,QACM;AAAA,QAAC;AAEP,mBAAW,OAAO,SAAS,WAAW,OAAO,SAAS,MAAM;AAC5D,cAAM,aAAa;AAAA,MACrB,GAAG;AAAA,IACL,OACK;AACH,mBAAa;AAAA,IACf;AAAA,EACF;AAEA,UAAQ,MAAM;AACZ,QAAI,CAACA,YAAW,CAAC,QAAQ;AACvB;AAEF,QAAI;AACJ,QAAI,WAAW;AAEf,uBAAmB,OAAO,QAAQ;AAChC,0BAAoB,KAAK,SAAS,QAAQ,OAAO,UAAU;AACzD,0BAAkB,KAAK;AACvB,cAAM,aAAa;AAAA,MACrB,CAAC;AAAA,IACH,CAAC,EAAE,KAAK,CAAC,aAAa;AACpB,UAAI;AACF,mBAAW;AAAA;AAEX,kBAAU;AAAA,IACd,CAAC;AAED,WAAO,MAAM;AACX,iBAAW;AACX,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,eAAwC;AAAA,IAC5C,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,kBAAkB,YAAY;AAC3C;AAEO,SAAS,UAA0D;AACxE,QAAM,UAAU,WAAoC,gBAAgB;AACpE,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,6CAA6C;AAE/D,SAAO;AACT;","names":["BROWSER","BROWSER","BROWSER","BROWSER"]}
1
+ {"version":3,"sources":["../../../../src/client/svelte/index.svelte.ts","../../../../src/core/cookies.ts","../../../../src/jwt/jwt.ts","../../../../src/oauth/utils.ts","../../../../src/core/index.ts","../../../../src/runtimes/tauri/index.ts","../../../../src/client/token.ts"],"sourcesContent":["import type { GauSession, ProfileName, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { getContext, setContext } from 'svelte'\nimport { NULL_SESSION } from '../../core'\nimport { handleTauriDeepLink, isTauri, linkAccountWithTauri, setupTauriListener, signInWithTauri } from '../../runtimes/tauri'\nimport { clearSessionToken, getSessionToken, storeSessionToken } from '../token'\n\ninterface AuthContextValue<TAuth = unknown> {\n session: GauSession<ProviderIds<TAuth>>\n signIn: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n linkAccount: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>\n signOut: () => Promise<void>\n}\n\nconst AUTH_CONTEXT_KEY = Symbol('gau-auth')\n\nexport function createSvelteAuth<const TAuth = unknown>({\n baseUrl = '/api/auth',\n scheme = 'gau',\n redirectTo: defaultRedirectTo,\n}: {\n baseUrl?: string\n scheme?: string\n redirectTo?: string\n} = {}) {\n type CurrentSession = GauSession<ProviderIds<TAuth>>\n let session = $state<CurrentSession>({ ...NULL_SESSION, providers: [] })\n\n async function replaceUrlSafe(url: string) {\n let replaceUrl: (url: string) => void = u => window.history.replaceState(null, '', u)\n try {\n const navPath = '$' + 'app/navigation'\n const { replaceState } = await import(/* @vite-ignore */ navPath)\n replaceUrl = u => replaceState(u, {})\n }\n catch {}\n replaceUrl(url)\n }\n\n async function fetchSession() {\n if (!BROWSER) {\n session = { ...NULL_SESSION, providers: [] }\n return\n }\n\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? { headers } : { credentials: 'include' })\n\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json')) {\n session = await res.json()\n }\n else {\n session = {\n ...NULL_SESSION,\n providers: [] as ProviderIds<TAuth>[],\n }\n }\n }\n\n async function signIn<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (isTauri()) {\n await signInWithTauri(provider as string, baseUrl, scheme, finalRedirectTo, profile as string | undefined)\n }\n else {\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.origin\n\n const params = new URLSearchParams()\n if (finalRedirectTo)\n params.set('redirectTo', finalRedirectTo)\n if (profile)\n params.set('profile', String(profile))\n const q = params.toString()\n window.location.href = `${baseUrl}/${provider as string}${q ? `?${q}` : ''}`\n }\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n if (isTauri()) {\n await linkAccountWithTauri(provider as string, baseUrl, scheme, redirectTo, profile as string | undefined)\n return\n }\n\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.href\n\n const params = new URLSearchParams()\n if (finalRedirectTo)\n params.set('redirectTo', finalRedirectTo)\n if (profile)\n params.set('profile', String(profile))\n params.set('redirect', 'false')\n const linkUrl = `${baseUrl}/link/${provider as string}?${params.toString()}`\n\n const token = getSessionToken()\n\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(linkUrl, fetchOptions)\n if (res.redirected) {\n window.location.href = res.url\n }\n else {\n try {\n const data = await res.json()\n if (data.url)\n window.location.href = data.url\n }\n catch (e) {\n console.error('Failed to parse response from link endpoint', e)\n }\n }\n }\n\n async function unlinkAccount(provider: ProviderIds<TAuth>) {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token\n ? { headers: { Authorization: `Bearer ${token}` } }\n : { credentials: 'include' }\n\n const res = await fetch(`${baseUrl}/unlink/${provider as string}`, {\n method: 'POST',\n ...fetchOptions,\n })\n\n if (res.ok)\n await fetchSession()\n else\n console.error('Failed to unlink account', await res.json())\n }\n\n async function signOut() {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await fetchSession()\n }\n\n if (BROWSER) {\n if (window.location.hash === '#_=_')\n void replaceUrlSafe(window.location.pathname + window.location.search)\n\n const hash = new URL(window.location.href).hash.substring(1)\n const params = new URLSearchParams(hash)\n const tokenFromUrl = params.get('token')\n\n if (tokenFromUrl) {\n storeSessionToken(tokenFromUrl)\n void (async () => {\n await replaceUrlSafe(window.location.pathname + window.location.search)\n await fetchSession()\n })()\n }\n else {\n fetchSession()\n }\n }\n\n $effect(() => {\n if (!BROWSER || !isTauri())\n return\n\n let cleanup: (() => void) | void\n let disposed = false\n\n setupTauriListener(async (url) => {\n handleTauriDeepLink(url, baseUrl, scheme, async (token) => {\n storeSessionToken(token)\n await fetchSession()\n })\n }).then((unlisten) => {\n if (disposed)\n unlisten?.()\n else\n cleanup = unlisten\n })\n\n return () => {\n disposed = true\n cleanup?.()\n }\n })\n\n const contextValue: AuthContextValue<TAuth> = {\n get session() {\n return session\n },\n signIn,\n linkAccount,\n unlinkAccount: unlinkAccount as (provider: ProviderIds<TAuth>) => Promise<void>,\n signOut,\n }\n\n setContext(AUTH_CONTEXT_KEY, contextValue)\n}\n\nexport function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth> {\n const context = getContext<AuthContextValue<TAuth>>(AUTH_CONTEXT_KEY)\n if (!context)\n throw new Error('useAuth must be used within an AuthProvider')\n\n return context\n}\n","import type { SerializeOptions } from 'cookie'\nimport { parse, serialize } from 'cookie'\n\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = {\n path: '/',\n sameSite: 'lax',\n secure: true,\n httpOnly: true,\n}\n\nexport type Cookie = [string, string, SerializeOptions]\n\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\n const cookies = new Map<string, string>()\n if (cookieHeader) {\n const parsed = parse(cookieHeader)\n for (const name in parsed)\n cookies.set(name, parsed[name]!)\n }\n return cookies\n}\n\nexport class Cookies {\n #new: Cookie[] = []\n\n constructor(\n private readonly requestCookies: Map<string, string>,\n private readonly defaultOptions: SerializeOptions,\n ) {}\n\n get(name: string): string | undefined {\n return this.requestCookies.get(name)\n }\n\n set(name: string, value: string, options?: SerializeOptions): void {\n const combinedOptions = { ...this.defaultOptions, ...options }\n this.#new.push([name, value, combinedOptions])\n }\n\n delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\n this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\n }\n\n toHeaders(): Headers {\n const headers = new Headers()\n for (const [name, value, options] of this.#new)\n headers.append('Set-Cookie', serialize(name, value, options))\n\n return headers\n }\n}\n\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\nexport const SESSION_STRATEGY_COOKIE_NAME = '__gau-session-strategy'\nexport const LINKING_TOKEN_COOKIE_NAME = '__gau-linking-token'\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\nexport const PROVIDER_OPTIONS_COOKIE_NAME = '__gau-provider-options'\n\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\n","/// <reference types=\"node\" />\nimport {\n createJWTSignatureMessage,\n encodeJWT,\n JWSRegisteredHeaders,\n JWTRegisteredClaims,\n parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n /** Time-to-live in seconds (exp claim). If omitted the token will not expire. */\n ttl?: number\n}\n\nexport type SignOptions\n = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n if (algorithm === 'ES256') {\n if (!privateKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n ({ privateKey } = await deriveKeysFromSecret(secret))\n }\n }\n else if (algorithm === 'HS256' && !secret) {\n throw new AuthError('Missing secret for HS256 signing')\n }\n\n const now = Math.floor(Date.now() / 1000)\n\n const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n if (ttl != null && ttl > 0)\n jwtPayload.exp = now + ttl\n\n const isHS256 = algorithm === 'HS256'\n const alg: SupportedAlgorithm = isHS256 ? 'HS256' : 'ES256'\n\n const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n const payloadJSON = JSON.stringify(jwtPayload)\n\n const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n let signature: Uint8Array\n\n if (isHS256) {\n // HS256 (HMAC-SHA256)\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n }\n else {\n // ES256 (ECDSA-SHA256)\n // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n signature = new Uint8Array(\n await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey!,\n signatureMessage as BufferSource,\n ),\n )\n }\n\n return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n if (algorithm === 'ES256') {\n if (!publicKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 verification. Must be a base64url-encoded string.');\n\n ({ publicKey } = await deriveKeysFromSecret(secret))\n }\n }\n\n if (algorithm === 'HS256' && !secret)\n throw new AuthError('Missing secret for HS256 verification')\n\n const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n const headerParams = new JWSRegisteredHeaders(header)\n const headerAlg = headerParams.algorithm()\n\n let validSignature = false\n\n // HS256 verification path\n if (algorithm === 'HS256') {\n if (headerAlg !== 'HS256')\n throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n }\n // ES256 verification path (default)\n else {\n if (headerAlg !== 'ES256')\n throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n const signatureBytes = new Uint8Array(signature)\n\n // Runtimes like Node.js return DER-encoded signatures. Others (Bun) return raw (r||s).\n // We try DER first, as it's more common in Node environments.\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n signatureBytes as BufferSource,\n signatureMessage as BufferSource,\n )\n\n if (!validSignature && signatureBytes.length === 64) {\n // If DER verification fails and the signature is 64 bytes, it might be a raw signature.\n // Convert it to DER and try again.\n try {\n const derSig = rawToDer(signatureBytes)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n derSig as BufferSource,\n signatureMessage as BufferSource,\n )\n }\n catch {\n // rawToDer can throw if the signature is not 64 bytes, but we already checked.\n // This catch is for other unexpected errors.\n validSignature = false\n }\n }\n }\n\n if (!validSignature)\n throw new AuthError('Invalid JWT signature')\n\n const claims = new JWTRegisteredClaims(payload)\n if (claims.hasExpiration() && !claims.verifyExpiration())\n throw new AuthError('JWT expired')\n if (claims.hasNotBefore() && !claims.verifyNotBefore())\n throw new AuthError('JWT not yet valid')\n if (iss && (payload as any).iss !== iss)\n throw new AuthError('Invalid JWT issuer')\n\n if (aud) {\n const expectedAudience = Array.isArray(aud) ? aud : [aud]\n const tokenAudience = (payload as any).aud\n ? (Array.isArray((payload as any).aud) ? (payload as any).aud : [(payload as any).aud])\n : []\n\n if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n throw new AuthError('Invalid JWT audience')\n }\n\n return payload as T\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\n\nexport function createOAuthUris() {\n const state = generateState()\n const codeVerifier = generateCodeVerifier()\n\n return {\n state,\n codeVerifier,\n }\n}\n","export interface User {\n id: string\n name?: string | null\n email?: string | null\n emailVerified?: boolean | null\n image?: string | null\n role?: string | null\n}\n\nexport interface Session {\n id: string\n sub: string\n [key: string]: unknown\n}\n\nexport interface GauSession<TProviders extends string = string> {\n user: User | null\n session: Session | null\n accounts?: Account[] | null\n providers?: TProviders[]\n}\n\nexport const NULL_SESSION = {\n user: null,\n session: null,\n accounts: null,\n} as const\n\nexport interface NewUser extends Omit<User, 'id' | 'accounts'> {\n id?: string\n}\n\nexport interface Account {\n userId: string\n provider: string\n providerAccountId: string\n type?: string // e.g. \"oauth\"\n accessToken?: string | null\n refreshToken?: string | null\n expiresAt?: number | null // epoch seconds\n idToken?: string | null\n scope?: string | null\n tokenType?: string | null\n sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n getUser: (id: string) => Promise<User | null>\n getUserByEmail: (email: string) => Promise<User | null>\n getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n getAccounts: (userId: string) => Promise<Account[]>\n getUserAndAccounts: (userId: string) => Promise<{ user: User, accounts: Account[] } | null>\n createUser: (data: NewUser) => Promise<User>\n linkAccount: (data: NewAccount) => Promise<void>\n unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>\n updateAccount?: (data: Partial<Account> & { userId: string, provider: string, providerAccountId: string }) => Promise<void>\n updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n deleteUser: (id: string) => Promise<void>\n}\n\nexport class AuthError extends Error {\n override readonly cause?: unknown\n constructor(message: string, cause?: unknown) {\n super(message)\n this.name = 'AuthError'\n this.cause = cause\n }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n const headers = new Headers(init.headers)\n if (!headers.has('Content-Type'))\n headers.set('Content-Type', 'application/json; charset=utf-8')\n return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n return new Response(null, {\n status,\n headers: {\n Location: url,\n },\n })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\n","import { BROWSER } from 'esm-env'\nimport { getSessionToken } from '../../client/token'\n\nexport function isTauri(): boolean {\n return BROWSER && '__TAURI_INTERNALS__' in (globalThis as any)\n}\n\nexport async function signInWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: string,\n) {\n if (!isTauri())\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n const currentPlatform = platform() // platform is NO LONGER an async function\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n if (profile)\n params.set('profile', profile)\n const authUrl = `${baseUrl}/${provider}?${params.toString()}`\n await openUrl(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n return\n\n const params = new URLSearchParams(parsed.hash.substring(1))\n const token = params.get('token')\n if (token)\n onToken(token)\n}\n\nexport async function linkAccountWithTauri(\n provider: string,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: string,\n) {\n if (!isTauri())\n return\n\n const { platform } = await import('@tauri-apps/plugin-os')\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n const currentPlatform = platform()\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else if (currentPlatform === 'android' || currentPlatform === 'ios')\n redirectTo = new URL(baseUrl).origin\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n params.set('token', token)\n if (profile)\n params.set('profile', profile)\n const linkUrl = `${baseUrl}/link/${provider}?${params.toString()}`\n await openUrl(linkUrl)\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n"],"mappings":";AACA,SAAS,WAAAA,gBAAe;AACxB,SAAS,YAAY,kBAAkB;;;ACDvC,SAAS,OAAO,iBAAiB;AA2D1B,IAAM,eAAe,KAAK;;;AC3DjC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACPP,SAAS,sBAAsB,qBAAqB;;;ACsB7C,IAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AACZ;;;AC1BA,SAAS,WAAAC,gBAAe;;;ACAxB,SAAS,eAAe;AAEjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AACvC,aAAS,SAAS,uBAAuB,KAAK;AAAA,EAChD,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,WAAW;AACnC,aAAS,SAAS;AAAA,EACpB,QACM;AAAA,EAAC;AACT;;;ADvBO,SAAS,UAAmB;AACjC,SAAOC,YAAW,yBAA0B;AAC9C;AAEA,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,MAAI;AACF,WAAO,IAAI,WAAW,OAAO;AAC/B,QAAM,UAAU,GAAG,OAAO,IAAI,QAAQ,IAAI,OAAO,SAAS,CAAC;AAC3D,QAAM,QAAQ,OAAO;AACvB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEO,SAAS,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AAClH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,GAAG,MAAM,OAAO,OAAO,WAAW,IAAI,IAAI,OAAO,EAAE;AACzE;AAEF,QAAM,SAAS,IAAI,gBAAgB,OAAO,KAAK,UAAU,CAAC,CAAC;AAC3D,QAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,MAAI;AACF,YAAQ,KAAK;AACjB;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,SAAO,IAAI,SAAS,KAAK;AACzB,MAAI;AACF,WAAO,IAAI,WAAW,OAAO;AAC/B,QAAM,UAAU,GAAG,OAAO,SAAS,QAAQ,IAAI,OAAO,SAAS,CAAC;AAChE,QAAM,QAAQ,OAAO;AACvB;;;ALxFA,IAAM,mBAAmB,OAAO,UAAU;AAEnC,SAAS,iBAAwC;AAAA,EACtD,UAAU;AAAA,EACV,SAAS;AAAA,EACT,YAAY;AACd,IAII,CAAC,GAAG;AAEN,MAAI,UAAU,OAAuB,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE,CAAC;AAEvE,iBAAe,eAAe,KAAa;AACzC,QAAI,aAAoC,OAAK,OAAO,QAAQ,aAAa,MAAM,IAAI,CAAC;AACpF,QAAI;AACF,YAAM,UAAU;AAChB,YAAM,EAAE,aAAa,IAAI,MAAM;AAAA;AAAA,QAA0B;AAAA;AACzD,mBAAa,OAAK,aAAa,GAAG,CAAC,CAAC;AAAA,IACtC,QACM;AAAA,IAAC;AACP,eAAW,GAAG;AAAA,EAChB;AAEA,iBAAe,eAAe;AAC5B,QAAI,CAACC,UAAS;AACZ,gBAAU,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE;AAC3C;AAAA,IACF;AAEA,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAE9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB,GAAG;AAC7C,gBAAU,MAAM,IAAI,KAAK;AAAA,IAC3B,OACK;AACH,gBAAU;AAAA,QACR,GAAG;AAAA,QACH,WAAW,CAAC;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAqC,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AACvJ,QAAI,kBAAkB,cAAc;AACpC,QAAI,QAAQ,GAAG;AACb,YAAM,gBAAgB,UAAoB,SAAS,QAAQ,iBAAiB,OAA6B;AAAA,IAC3G,OACK;AACH,UAAI,CAAC,mBAAmBA;AACtB,0BAAkB,OAAO,SAAS;AAEpC,YAAM,SAAS,IAAI,gBAAgB;AACnC,UAAI;AACF,eAAO,IAAI,cAAc,eAAe;AAC1C,UAAI;AACF,eAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,YAAM,IAAI,OAAO,SAAS;AAC1B,aAAO,SAAS,OAAO,GAAG,OAAO,IAAI,QAAkB,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE;AAAA,IAC5E;AAAA,EACF;AAEA,iBAAe,YAA0C,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AAC5J,QAAI,QAAQ,GAAG;AACb,YAAM,qBAAqB,UAAoB,SAAS,QAAQ,YAAY,OAA6B;AACzG;AAAA,IACF;AAEA,QAAI,kBAAkB,cAAc;AACpC,QAAI,CAAC,mBAAmBA;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,SAAS,IAAI,gBAAgB;AACnC,QAAI;AACF,aAAO,IAAI,cAAc,eAAe;AAC1C,QAAI;AACF,aAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,WAAO,IAAI,YAAY,OAAO;AAC9B,UAAM,UAAU,GAAG,OAAO,SAAS,QAAkB,IAAI,OAAO,SAAS,CAAC;AAE1E,UAAM,QAAQ,gBAAgB;AAE9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,SAAS,YAAY;AAC7C,QAAI,IAAI,YAAY;AAClB,aAAO,SAAS,OAAO,IAAI;AAAA,IAC7B,OACK;AACH,UAAI;AACF,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,iBAAO,SAAS,OAAO,KAAK;AAAA,MAChC,SACO,GAAG;AACR,gBAAQ,MAAM,+CAA+C,CAAC;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,cAAc,UAA8B;AACzD,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAkB,IAAI;AAAA,MACjE,QAAQ;AAAA,MACR,GAAG;AAAA,IACL,CAAC;AAED,QAAI,IAAI;AACN,YAAM,aAAa;AAAA;AAEnB,cAAQ,MAAM,4BAA4B,MAAM,IAAI,KAAK,CAAC;AAAA,EAC9D;AAEA,iBAAe,UAAU;AACvB,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,aAAa;AAAA,EACrB;AAEA,MAAIA,UAAS;AACX,QAAI,OAAO,SAAS,SAAS;AAC3B,WAAK,eAAe,OAAO,SAAS,WAAW,OAAO,SAAS,MAAM;AAEvE,UAAM,OAAO,IAAI,IAAI,OAAO,SAAS,IAAI,EAAE,KAAK,UAAU,CAAC;AAC3D,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,eAAe,OAAO,IAAI,OAAO;AAEvC,QAAI,cAAc;AAChB,wBAAkB,YAAY;AAC9B,YAAM,YAAY;AAChB,cAAM,eAAe,OAAO,SAAS,WAAW,OAAO,SAAS,MAAM;AACtE,cAAM,aAAa;AAAA,MACrB,GAAG;AAAA,IACL,OACK;AACH,mBAAa;AAAA,IACf;AAAA,EACF;AAEA,UAAQ,MAAM;AACZ,QAAI,CAACA,YAAW,CAAC,QAAQ;AACvB;AAEF,QAAI;AACJ,QAAI,WAAW;AAEf,uBAAmB,OAAO,QAAQ;AAChC,0BAAoB,KAAK,SAAS,QAAQ,OAAO,UAAU;AACzD,0BAAkB,KAAK;AACvB,cAAM,aAAa;AAAA,MACrB,CAAC;AAAA,IACH,CAAC,EAAE,KAAK,CAAC,aAAa;AACpB,UAAI;AACF,mBAAW;AAAA;AAEX,kBAAU;AAAA,IACd,CAAC;AAED,WAAO,MAAM;AACX,iBAAW;AACX,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,eAAwC;AAAA,IAC5C,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,kBAAkB,YAAY;AAC3C;AAEO,SAAS,UAA0D;AACxE,QAAM,UAAU,WAAoC,gBAAgB;AACpE,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,6CAA6C;AAE/D,SAAO;AACT;","names":["BROWSER","BROWSER","BROWSER","BROWSER"]}
package/dist/src/core/cookies.d.ts CHANGED
@@ -19,5 +19,5 @@ export declare const LINKING_TOKEN_COOKIE_NAME = "__gau-linking-token";
19
19
  export declare const PKCE_COOKIE_NAME = "__gau-pkce-code-verifier";
20
20
  export declare const CALLBACK_URI_COOKIE_NAME = "__gau-callback-uri";
21
21
  export declare const PROVIDER_OPTIONS_COOKIE_NAME = "__gau-provider-options";
22
- export declare const CSRF_MAX_AGE: number; // 10 minutes
22
+ export declare const CSRF_MAX_AGE: number;
23
23
  //# sourceMappingURL=cookies.d.ts.map
package/dist/src/core/cookies.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/core/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAG9C,eAAO,MAAM,gCAAgC,EAAE,gBAK9C,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAA;AAEvD,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAQzF;AAED,qBAAa,OAAO;;IAIhB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAFjC,YACmB,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,cAAc,EAAE,gBAAgB,EAC/C;IAEJ,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEpC;IAED,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAGjE;IAED,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,QAAQ,CAAC,GAAG,IAAI,CAEjF;IAED,SAAS,IAAI,OAAO,CAMnB;CACF;AAED,eAAO,MAAM,gBAAgB,qBAAqB,CAAA;AAClD,eAAO,MAAM,mBAAmB,wBAAwB,CAAA;AACxD,eAAO,MAAM,4BAA4B,2BAA2B,CAAA;AACpE,eAAO,MAAM,yBAAyB,wBAAwB,CAAA;AAC9D,eAAO,MAAM,gBAAgB,6BAA6B,CAAA;AAC1D,eAAO,MAAM,wBAAwB,uBAAuB,CAAA;AAC5D,eAAO,MAAM,4BAA4B,2BAA2B,CAAA;AAEpE,eAAO,MAAM,YAAY,QAAU,CAAA,CAAC,aAAa"}
1
+ {"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/core/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAG9C,eAAO,MAAM,gCAAgC,EAAE,gBAK9C,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAA;AAEvD,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAQzF;AAED,qBAAa,OAAO;;IAIhB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAFjC,YACmB,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,cAAc,EAAE,gBAAgB,EAC/C;IAEJ,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEpC;IAED,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAGjE;IAED,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,QAAQ,CAAC,GAAG,IAAI,CAEjF;IAED,SAAS,IAAI,OAAO,CAMnB;CACF;AAED,eAAO,MAAM,gBAAgB,qBAAqB,CAAA;AAClD,eAAO,MAAM,mBAAmB,wBAAwB,CAAA;AACxD,eAAO,MAAM,4BAA4B,2BAA2B,CAAA;AACpE,eAAO,MAAM,yBAAyB,wBAAwB,CAAA;AAC9D,eAAO,MAAM,gBAAgB,6BAA6B,CAAA;AAC1D,eAAO,MAAM,wBAAwB,uBAAuB,CAAA;AAC5D,eAAO,MAAM,4BAA4B,2BAA2B,CAAA;AAEpE,eAAO,MAAM,YAAY,QAAU,CAAA"}
package/dist/src/core/handlers/callback.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAezC,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAmgBxG"}
1
+ {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAezC,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CA2hBxG"}
package/dist/src/core/handlers/index.js CHANGED
@@ -1 +1 @@
1
- import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as K,handleSignOut as N,handleUnlink as c,verifyRequestOrigin as e}from"../../../chunk-3NKNADKP.js";export{o as applyCors,r as handleCallback,m as handleLink,p as handlePreflight,t as handleSession,K as handleSignIn,N as handleSignOut,c as handleUnlink,e as verifyRequestOrigin};//# sourceMappingURL=index.js.map
1
+ import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as c,handleSignOut as e,handleUnlink as f,verifyRequestOrigin as h}from"../../../chunk-PJCHBT42.js";export{o as applyCors,r as handleCallback,m as handleLink,p as handlePreflight,t as handleSession,c as handleSignIn,e as handleSignOut,f as handleUnlink,h as verifyRequestOrigin};//# sourceMappingURL=index.js.map
package/dist/src/core/handlers/login.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAMzC,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAEtG;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CAcnF"}
1
+ {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAMzC,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAEtG;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CAkBnF"}
package/dist/src/core/handlers/utils.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAczC,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,GAAG,OAAO,CA+BjH;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,GAAG,IAAI,GAC1B,OAAO,CAAC,QAAQ,CAAC,CAsHnB"}
1
+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAczC,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,GAAG,OAAO,CA+BjH;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,GAAG,IAAI,GAC1B,OAAO,CAAC,QAAQ,CAAC,CA6HnB"}
package/dist/src/core/index.d.ts CHANGED
@@ -29,10 +29,10 @@ export interface Account {
29
29
  userId: string;
30
30
  provider: string;
31
31
  providerAccountId: string;
32
- type?: string; // e.g. "oauth"
32
+ type?: string;
33
33
  accessToken?: string | null;
34
34
  refreshToken?: string | null;
35
- expiresAt?: number | null; // epoch seconds
35
+ expiresAt?: number | null;
36
36
  idToken?: string | null;
37
37
  scope?: string | null;
38
38
  tokenType?: string | null;
package/dist/src/core/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAC3B,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED,eAAO,MAAM,YAAY;;;;CAIf,CAAA;AAEV,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,CAAC;IAC5D,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA,CAAC,eAAe;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA,CAAC,gBAAgB;IAC1C,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC3F,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3H,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,UAAU,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1C;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,WAAW,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAC3B,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED,eAAO,MAAM,YAAY;;;;CAIf,CAAA;AAEV,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,CAAC;IAC5D,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC3F,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3H,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,UAAU,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1C;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,WAAW,CAAA"}
package/dist/src/core/index.js CHANGED
@@ -1 +1 @@
1
- import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as K,LINKING_TOKEN_COOKIE_NAME as N,NULL_SESSION as c,PKCE_COOKIE_NAME as e,PROVIDER_OPTIONS_COOKIE_NAME as f,SESSION_COOKIE_NAME as h,SESSION_STRATEGY_COOKIE_NAME as i,createAuth as j,createHandler as k,json as n,parseCookies as s,redirect as u}from"../../chunk-3NKNADKP.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,K as DEFAULT_COOKIE_SERIALIZE_OPTIONS,N as LINKING_TOKEN_COOKIE_NAME,c as NULL_SESSION,e as PKCE_COOKIE_NAME,f as PROVIDER_OPTIONS_COOKIE_NAME,h as SESSION_COOKIE_NAME,i as SESSION_STRATEGY_COOKIE_NAME,j as createAuth,k as createHandler,n as json,s as parseCookies,u as redirect};//# sourceMappingURL=index.js.map
1
+ import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as c,LINKING_TOKEN_COOKIE_NAME as e,NULL_SESSION as f,PKCE_COOKIE_NAME as h,PROVIDER_OPTIONS_COOKIE_NAME as i,SESSION_COOKIE_NAME as j,SESSION_STRATEGY_COOKIE_NAME as k,createAuth as n,createHandler as s,json as u,parseCookies as x,redirect as B}from"../../chunk-PJCHBT42.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,c as DEFAULT_COOKIE_SERIALIZE_OPTIONS,e as LINKING_TOKEN_COOKIE_NAME,f as NULL_SESSION,h as PKCE_COOKIE_NAME,i as PROVIDER_OPTIONS_COOKIE_NAME,j as SESSION_COOKIE_NAME,k as SESSION_STRATEGY_COOKIE_NAME,n as createAuth,s as createHandler,u as json,x as parseCookies,B as redirect};//# sourceMappingURL=index.js.map
package/dist/src/index.js CHANGED
@@ -1 +1 @@
1
- import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as K,LINKING_TOKEN_COOKIE_NAME as N,NULL_SESSION as c,PKCE_COOKIE_NAME as e,PROVIDER_OPTIONS_COOKIE_NAME as f,SESSION_COOKIE_NAME as h,SESSION_STRATEGY_COOKIE_NAME as i,createAuth as j,createHandler as k,json as n,parseCookies as s,redirect as u}from"../chunk-3NKNADKP.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,K as DEFAULT_COOKIE_SERIALIZE_OPTIONS,N as LINKING_TOKEN_COOKIE_NAME,c as NULL_SESSION,e as PKCE_COOKIE_NAME,f as PROVIDER_OPTIONS_COOKIE_NAME,h as SESSION_COOKIE_NAME,i as SESSION_STRATEGY_COOKIE_NAME,j as createAuth,k as createHandler,n as json,s as parseCookies,u as redirect};//# sourceMappingURL=index.js.map
1
+ import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as c,LINKING_TOKEN_COOKIE_NAME as e,NULL_SESSION as f,PKCE_COOKIE_NAME as h,PROVIDER_OPTIONS_COOKIE_NAME as i,SESSION_COOKIE_NAME as j,SESSION_STRATEGY_COOKIE_NAME as k,createAuth as n,createHandler as s,json as u,parseCookies as x,redirect as B}from"../chunk-PJCHBT42.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,c as DEFAULT_COOKIE_SERIALIZE_OPTIONS,e as LINKING_TOKEN_COOKIE_NAME,f as NULL_SESSION,h as PKCE_COOKIE_NAME,i as PROVIDER_OPTIONS_COOKIE_NAME,j as SESSION_COOKIE_NAME,k as SESSION_STRATEGY_COOKIE_NAME,n as createAuth,s as createHandler,u as json,x as parseCookies,B as redirect};//# sourceMappingURL=index.js.map
package/dist/src/jwt/index.js CHANGED
@@ -1 +1 @@
1
- import{sign as o,verify as r}from"../../chunk-3NKNADKP.js";export{o as sign,r as verify};//# sourceMappingURL=index.js.map
1
+ import{sign as o,verify as r}from"../../chunk-PJCHBT42.js";export{o as sign,r as verify};//# sourceMappingURL=index.js.map
package/dist/src/oauth/index.d.ts CHANGED
@@ -1,4 +1,6 @@
1
1
  import type { OAuth2Tokens } from 'arctic';
2
+ export { Discord } from './providers/discord';
3
+ export { Facebook } from './providers/facebook';
2
4
  export { GitHub } from './providers/github';
3
5
  export { Google } from './providers/google';
4
6
  export { Microsoft } from './providers/microsoft';
package/dist/src/oauth/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AAEjD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC7B;AAED,MAAM,MAAM,wBAAwB,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;AAEjG,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,mBAAmB;IAC/E,EAAE,EAAE,CAAC,CAAA;IACL,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,mBAAmB,EAAE,CACnB,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,SAAS,CAAC,EAAE,wBAAwB,CAAC,CAAC,CAAC,CAAA;KAAE,KAC5H,OAAO,CAAC,GAAG,CAAC,CAAA;IACjB,gBAAgB,EAAE,CAChB,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,WAAW,CAAC,EAAE,MAAM,EACpB,SAAS,CAAC,EAAE,wBAAwB,CAAC,CAAC,CAAC,KACpC,OAAO,CAAC;QAAE,MAAM,EAAE,YAAY,CAAC;QAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;IACtD,kBAAkB,CAAC,EAAE,CACnB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,CAAC,EAAE,wBAAwB,CAAC,CAAC,CAAC,CAAA;KAAE,KAC3F,OAAO,CAAC,eAAe,CAAC,CAAA;CAC9B"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AAEjD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC7B;AAED,MAAM,MAAM,wBAAwB,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;AAEjG,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,mBAAmB;IAC/E,EAAE,EAAE,CAAC,CAAA;IACL,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,mBAAmB,EAAE,CACnB,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,SAAS,CAAC,EAAE,wBAAwB,CAAC,CAAC,CAAC,CAAA;KAAE,KAC5H,OAAO,CAAC,GAAG,CAAC,CAAA;IACjB,gBAAgB,EAAE,CAChB,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,WAAW,CAAC,EAAE,MAAM,EACpB,SAAS,CAAC,EAAE,wBAAwB,CAAC,CAAC,CAAC,KACpC,OAAO,CAAC;QAAE,MAAM,EAAE,YAAY,CAAC;QAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;IACtD,kBAAkB,CAAC,EAAE,CACnB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,CAAC,EAAE,wBAAwB,CAAC,CAAC,CAAC,CAAA;KAAE,KAC3F,OAAO,CAAC,eAAe,CAAC,CAAA;CAC9B"}
package/dist/src/oauth/index.js CHANGED
@@ -1 +1 @@
1
- import{CodeChallengeMethod as e,OAuth2Client as t}from"arctic";var r="https://api.github.com";function n(n){const i=new t(n.clientId,n.clientSecret,n.redirectUri??null);function a(e){return e&&e!==n.redirectUri?new t(n.clientId,n.clientSecret,e):i}return{id:"github",linkOnly:n.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,r,i){const o=a(i?.redirectUri),c=i?.scopes??n.scope??["read:user","user:email"],s=await o.createAuthorizationURLWithPKCE("https://github.com/login/oauth/authorize",t,e.S256,r,c);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,n){const i=a(n),o=await i.validateAuthorizationCode("https://github.com/login/oauth/access_token",e,t),c=await async function(e){const t=await fetch(`${r}/user`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}}),n=await t.json();let i=n.email,a=!1;const o=await fetch(`${r}/user/emails`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(o.ok){const e=await o.json(),t=e.find(e=>e.primary&&e.verified);if(t)i=t.email,a=!0;else{const t=e.find(e=>e.verified);t&&(i=t.email,a=!0)}}return{id:n.id.toString(),name:n.name??n.login,email:i,emailVerified:a,avatar:n.avatar_url,raw:n}}(o.accessToken());return{tokens:o,user:c}}}}import{CodeChallengeMethod as i,OAuth2Client as a}from"arctic";var o="https://oauth2.googleapis.com/token";function c(e){const t=new a(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new a(e.clientId,e.clientSecret,r):t}return{id:"google",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,n,a){const o=r(a?.redirectUri),c=a?.scopes??e.scope??["openid","email","profile"],s=await o.createAuthorizationURLWithPKCE("https://accounts.google.com/o/oauth2/v2/auth",t,i.S256,n,c);if(a?.params)for(const[e,t]of Object.entries(a.params))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,n){const i=r(n),a=await i.validateAuthorizationCode(o,e,t),c=await async function(e){const t=await fetch("https://openidconnect.googleapis.com/v1/userinfo",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),r=await t.json();return{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified,avatar:r.picture,raw:r}}(a.accessToken());return{tokens:a,user:c}},async refreshAccessToken(t){const r=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:t}),n=await fetch(o,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:r}),i=await n.json();if(!n.ok)throw i;const a=i.expires_in,c="number"==typeof a?Math.floor(Date.now()/1e3)+Math.floor(a):void 0;return{accessToken:i.access_token,refreshToken:i.refresh_token??t,expiresAt:c??null,idToken:i.id_token??null,tokenType:i.token_type??null,scope:i.scope??null}}}}import{CodeChallengeMethod as s,OAuth2Client as l}from"arctic";async function d(e,t){const r=await fetch("https://graph.microsoft.com/v1.0/me",{headers:{Authorization:`Bearer ${e}`}}),n=await r.json();let i=n.mail??n.userPrincipalName,a=!1;if(t)try{const e=t.split("."),r=JSON.parse((new TextDecoder).decode(function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"="),i=atob(n),a=i.length,o=new Uint8Array(a);for(let e=0;e<a;e++)o[e]=i.charCodeAt(e);return o}(e[1]))),n="9188040d-6c67-4c5b-b112-36a304b66dad";if(r.verified_primary_email){const e=Array.isArray(r.verified_primary_email)?r.verified_primary_email[0]:r.verified_primary_email;"string"==typeof e&&(i=e,a=!0)}else(r.tid===n||!0===r.xms_edov)&&(i=r.email??i,a=!0)}catch{}const o=await fetch("https://graph.microsoft.com/v1.0/me/photo/$value",{headers:{Authorization:`Bearer ${e}`}});let c=null;if(o.ok)try{const e=await o.blob(),t=new FileReader,r=new Promise((r,n)=>{t.onloadend=()=>r(t.result),t.onerror=n,t.readAsDataURL(e)});c=await r}catch{}return{id:n.id,name:n.displayName,email:i,emailVerified:a,avatar:c,raw:n}}function u(e){const t=e=>({authURL:`https://login.microsoftonline.com/${e}/oauth2/v2.0/authorize`,tokenURL:`https://login.microsoftonline.com/${e}/oauth2/v2.0/token`}),r=new l(e.clientId,e.clientSecret,e.redirectUri??null);function n(t){return t&&t!==e.redirectUri?new l(e.clientId,e.clientSecret,t):r}return{id:"microsoft",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(r,i,a){const o=n(a?.redirectUri),c=a?.scopes??e.scope??["openid","profile","email","User.Read"],l=a?.overrides?.tenant??e.tenant??"common",{authURL:d}=t(l),u=await o.createAuthorizationURLWithPKCE(d,r,s.S256,i,c),h=a?.overrides?.prompt??a?.params?.prompt??e.prompt;h&&u.searchParams.set("prompt",h);const p={...e.params??{},...a?.params??{}};if(Object.keys(p).length)for(const[e,t]of Object.entries(p))"prompt"!==e&&null!=t&&u.searchParams.set(e,String(t));return u},async validateCallback(r,i,a,o){const c=n(a),s=o?.tenant??e.tenant??"common",{tokenURL:l}=t(s),u=await c.validateAuthorizationCode(l,r,i),h=await d(u.accessToken(),u.idToken());return{tokens:u,user:h}},async refreshAccessToken(r,n){const i=n?.overrides?.tenant??e.tenant??"common",{tokenURL:a}=t(i),o=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:r,scope:(e.scope??["openid","profile","email","User.Read"]).join(" ")}),c=await fetch(a,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:o}),s=await c.json();if(!c.ok)throw s;const l=s.expires_in,d="number"==typeof l?Math.floor(Date.now()/1e3)+Math.floor(l):void 0;return{accessToken:s.access_token,refreshToken:s.refresh_token??r,expiresAt:d??null,idToken:s.id_token??null,tokenType:s.token_type??null,scope:s.scope??null}}}}export{n as GitHub,c as Google,u as Microsoft};//# sourceMappingURL=index.js.map
1
+ import{CodeChallengeMethod as e,OAuth2Client as t}from"arctic";var r="https://discord.com/api/oauth2/token";function a(a){const i=new t(a.clientId,a.clientSecret,a.redirectUri??null);function n(e){return e&&e!==a.redirectUri?new t(a.clientId,a.clientSecret,e):i}return{id:"discord",linkOnly:a.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,r,i){const o=n(i?.redirectUri),c=i?.scopes??a.scope??["identify","email"],s=await o.createAuthorizationURLWithPKCE("https://discord.com/api/oauth2/authorize",t,e.S256,r,c);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=n(a),o=await i.validateAuthorizationCode(r,e,t),c=await async function(e){const t=await fetch("https://discord.com/api/users/@me",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),r=await t.json();return{id:r.id,name:r.username,email:r.email,emailVerified:r.verified,avatar:r.avatar?`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.png`:null,raw:r}}(o.accessToken());return{tokens:o,user:c}},async refreshAccessToken(e){const t=new URLSearchParams({client_id:a.clientId,client_secret:a.clientSecret,grant_type:"refresh_token",refresh_token:e}),i=await fetch(r,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:t}),n=await i.json();if(!i.ok)throw n;const o=n.expires_in,c="number"==typeof o?Math.floor(Date.now()/1e3)+Math.floor(o):void 0;return{accessToken:n.access_token,refreshToken:n.refresh_token??e,expiresAt:c??null,idToken:n.id_token??null,tokenType:n.token_type??null,scope:n.scope??null}}}}import{CodeChallengeMethod as i,OAuth2Client as n}from"arctic";function o(e){const t=new n(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new n(e.clientId,e.clientSecret,r):t}return{id:"facebook",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,a,n){const o=r(n?.redirectUri),c=n?.scopes??e.scope??["email","public_profile"],s=await o.createAuthorizationURLWithPKCE("https://www.facebook.com/dialog/oauth",t,i.S256,a,c),l={...e.params??{},...n?.params??{}};if(Object.keys(l).length)for(const[e,t]of Object.entries(l))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=r(a),n=await i.validateAuthorizationCode("https://graph.facebook.com/oauth/access_token",e,t),o=await async function(e){const t=new URLSearchParams;t.set("access_token",e),t.set("fields",["id","name","picture","email"].join(","));const r=await fetch(`https://graph.facebook.com/me?${t.toString()}`),a=await r.json();let i=null;return"string"==typeof a.picture?i=a.picture:a.picture&&"object"==typeof a.picture&&"data"in a.picture&&(i=a.picture.data?.url??null),{id:String(a.id),name:a.name??"",email:a.email??null,emailVerified:null,avatar:i,raw:a}}(n.accessToken());return{tokens:n,user:o}}}}import{CodeChallengeMethod as c,OAuth2Client as s}from"arctic";var l="https://api.github.com";function d(e){const t=new s(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new s(e.clientId,e.clientSecret,r):t}return{id:"github",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,a,i){const n=r(i?.redirectUri),o=i?.scopes??e.scope??["read:user","user:email"],s=await n.createAuthorizationURLWithPKCE("https://github.com/login/oauth/authorize",t,c.S256,a,o);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=r(a),n=await i.validateAuthorizationCode("https://github.com/login/oauth/access_token",e,t),o=await async function(e){const t=await fetch(`${l}/user`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}}),r=await t.json();let a=r.email,i=!1;const n=await fetch(`${l}/user/emails`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(n.ok){const e=await n.json(),t=e.find(e=>e.primary&&e.verified);if(t)a=t.email,i=!0;else{const t=e.find(e=>e.verified);t&&(a=t.email,i=!0)}}return{id:r.id.toString(),name:r.name??r.login,email:a,emailVerified:i,avatar:r.avatar_url,raw:r}}(n.accessToken());return{tokens:n,user:o}}}}import{CodeChallengeMethod as u,OAuth2Client as h}from"arctic";var p="https://oauth2.googleapis.com/token";function m(e){const t=new h(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new h(e.clientId,e.clientSecret,r):t}return{id:"google",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,a,i){const n=r(i?.redirectUri),o=i?.scopes??e.scope??["openid","email","profile"],c=await n.createAuthorizationURLWithPKCE("https://accounts.google.com/o/oauth2/v2/auth",t,u.S256,a,o);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&c.searchParams.set(e,String(t));return c},async validateCallback(e,t,a){const i=r(a),n=await i.validateAuthorizationCode(p,e,t),o=await async function(e){const t=await fetch("https://openidconnect.googleapis.com/v1/userinfo",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),r=await t.json();return{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified,avatar:r.picture,raw:r}}(n.accessToken());return{tokens:n,user:o}},async refreshAccessToken(t){const r=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:t}),a=await fetch(p,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:r}),i=await a.json();if(!a.ok)throw i;const n=i.expires_in,o="number"==typeof n?Math.floor(Date.now()/1e3)+Math.floor(n):void 0;return{accessToken:i.access_token,refreshToken:i.refresh_token??t,expiresAt:o??null,idToken:i.id_token??null,tokenType:i.token_type??null,scope:i.scope??null}}}}import{CodeChallengeMethod as f,OAuth2Client as k}from"arctic";async function w(e,t){const r=await fetch("https://graph.microsoft.com/v1.0/me",{headers:{Authorization:`Bearer ${e}`}}),a=await r.json();let i=a.mail??a.userPrincipalName,n=!1;if(t)try{const e=t.split("."),r=JSON.parse((new TextDecoder).decode(function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,a=t.padEnd(t.length+r,"="),i=atob(a),n=i.length,o=new Uint8Array(n);for(let e=0;e<n;e++)o[e]=i.charCodeAt(e);return o}(e[1]))),a="9188040d-6c67-4c5b-b112-36a304b66dad";if(r.verified_primary_email){const e=Array.isArray(r.verified_primary_email)?r.verified_primary_email[0]:r.verified_primary_email;"string"==typeof e&&(i=e,n=!0)}else(r.tid===a||!0===r.xms_edov)&&(i=r.email??i,n=!0)}catch{}const o=await fetch("https://graph.microsoft.com/v1.0/me/photo/$value",{headers:{Authorization:`Bearer ${e}`}});let c=null;if(o.ok)try{const e=await o.blob(),t=new FileReader,r=new Promise((r,a)=>{t.onloadend=()=>r(t.result),t.onerror=a,t.readAsDataURL(e)});c=await r}catch{}return{id:a.id,name:a.displayName,email:i,emailVerified:n,avatar:c,raw:a}}function y(e){const t=e=>({authURL:`https://login.microsoftonline.com/${e}/oauth2/v2.0/authorize`,tokenURL:`https://login.microsoftonline.com/${e}/oauth2/v2.0/token`}),r=new k(e.clientId,e.clientSecret,e.redirectUri??null);function a(t){return t&&t!==e.redirectUri?new k(e.clientId,e.clientSecret,t):r}return{id:"microsoft",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(r,i,n){const o=a(n?.redirectUri),c=n?.scopes??e.scope??["openid","profile","email","User.Read"],s=n?.overrides?.tenant??e.tenant??"common",{authURL:l}=t(s),d=await o.createAuthorizationURLWithPKCE(l,r,f.S256,i,c),u=n?.overrides?.prompt??n?.params?.prompt??e.prompt;u&&d.searchParams.set("prompt",u);const h={...e.params??{},...n?.params??{}};if(Object.keys(h).length)for(const[e,t]of Object.entries(h))"prompt"!==e&&null!=t&&d.searchParams.set(e,String(t));return d},async validateCallback(r,i,n,o){const c=a(n),s=o?.tenant??e.tenant??"common",{tokenURL:l}=t(s),d=await c.validateAuthorizationCode(l,r,i),u=await w(d.accessToken(),d.idToken());return{tokens:d,user:u}},async refreshAccessToken(r,a){const i=a?.overrides?.tenant??e.tenant??"common",{tokenURL:n}=t(i),o=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:r,scope:(e.scope??["openid","profile","email","User.Read"]).join(" ")}),c=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:o}),s=await c.json();if(!c.ok)throw s;const l=s.expires_in,d="number"==typeof l?Math.floor(Date.now()/1e3)+Math.floor(l):void 0;return{accessToken:s.access_token,refreshToken:s.refresh_token??r,expiresAt:d??null,idToken:s.id_token??null,tokenType:s.token_type??null,scope:s.scope??null}}}}export{a as Discord,o as Facebook,d as GitHub,m as Google,y as Microsoft};//# sourceMappingURL=index.js.map
package/dist/src/oauth/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/oauth/providers/github.ts","../../../src/oauth/providers/google.ts","../../../src/oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github', OAuthProviderConfig> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['read:user', 'user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\n\ninterface GoogleUser {\n sub: string\n name: string\n email: string | null\n email_verified: boolean\n picture: string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(GOOGLE_USERINFO_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: GoogleUser = await response.json()\n\n return {\n id: data.sub,\n name: data.name,\n email: data.email,\n emailVerified: data.email_verified,\n avatar: data.picture,\n raw: data,\n }\n}\n\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'google',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(GOOGLE_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-authorization-code\ninterface MicrosoftConfig extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | (string & {})\n prompt?: 'login' | 'none' | 'consent' | 'select_account' | (string & {})\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft', MicrosoftConfig> {\n const getEndpoints = (tenant: MicrosoftConfig['tenant']) => ({\n authURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`,\n tokenURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,\n })\n\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: Partial<Pick<MicrosoftConfig, 'tenant' | 'prompt'>> }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { authURL } = getEndpoints(effectiveTenant)\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n const prompt = options?.overrides?.prompt ?? options?.params?.prompt ?? config.prompt\n if (prompt)\n url.searchParams.set('prompt', prompt)\n const mergedParams = { ...(config.params ?? {}), ...(options?.params ?? {}) }\n if (Object.keys(mergedParams).length) {\n for (const [k, v] of Object.entries(mergedParams)) {\n if (k === 'prompt')\n continue\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string, overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>>) {\n const client = getClient(redirectUri)\n const effectiveTenant: MicrosoftConfig['tenant'] = overrides?.tenant ?? config.tenant ?? 'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string, options?: { overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>> }): Promise<RefreshedTokens> {\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n scope: (config.scope ?? ['openid', 'profile', 'email', 'User.Read']).join(' '),\n })\n const res = await fetch(tokenURL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n"],"mappings":";AACA,SAAS,qBAAqB,oBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAkBvB,eAAe,QAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,SAAS;AAAA,IACrD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,MAAI,QAAuB,KAAK;AAChC,MAAI,gBAAgB;AAEpB,QAAM,iBAAiB,MAAM,MAAM,GAAG,cAAc,gBAAgB;AAAA,IAClE,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,MAAI,eAAe,IAAI;AACrB,UAAM,SAAwB,MAAM,eAAe,KAAK;AACxD,UAAM,eAAe,OAAO,KAAK,OAAK,EAAE,WAAW,EAAE,QAAQ;AAC7D,QAAI,cAAc;AAChB,cAAQ,aAAa;AACrB,sBAAgB;AAAA,IAClB,OACK;AAEH,YAAM,gBAAgB,OAAO,KAAK,OAAK,EAAE,QAAQ;AACjD,UAAI,eAAe;AACjB,gBAAQ,cAAc;AACtB,wBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAA2E;AAChG,QAAM,gBAAgB,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,aAAa,YAAY;AAC5E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAO,oBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAM,QAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;ACzGA,SAAS,uBAAAA,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,sBAAsB;AAW5B,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,qBAAqB;AAAA,IAChD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,SAAS,SAAS;AAC/E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,kBAAkB;AAAA,QACxC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;ACpGA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAGlD,IAAM,0BAA0B;AAGhC,IAAM,2BAA2B;AAgBjC,SAAS,iBAAiB,KAAyB;AACjD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,aAAa,IAAK,OAAO,SAAS,KAAM;AAC9C,QAAM,SAAS,OAAO,OAAO,OAAO,SAAS,WAAW,GAAG;AAC3D,QAAM,gBAAgB,KAAK,MAAM;AACjC,QAAM,MAAM,cAAc;AAC1B,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,WAAS,IAAI,GAAG,IAAI,KAAK;AACvB,UAAM,CAAC,IAAI,cAAc,WAAW,CAAC;AAEvC,SAAO;AACT;AAEA,eAAeC,SAAQ,aAAqB,SAA2C;AACrF,QAAM,eAAe,MAAM,MAAM,yBAAyB;AAAA,IACxD,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,WAA0B,MAAM,aAAa,KAAK;AAExD,MAAI,QAAuB,SAAS,QAAQ,SAAS;AACrD,MAAI,gBAAgB;AACpB,MAAI,SAAS;AACX,QAAI;AACF,YAAM,QAAQ,QAAQ,MAAM,GAAG;AAC/B,YAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,iBAAiB,MAAM,CAAC,CAAE,CAAC,CAAC;AAChF,YAAM,mBAAmB;AAGzB,UAAI,QAAQ,wBAAwB;AAClC,cAAM,eAAe,MAAM,QAAQ,QAAQ,sBAAsB,IAC7D,QAAQ,uBAAuB,CAAC,IAChC,QAAQ;AAEZ,YAAI,OAAO,iBAAiB,UAAU;AACpC,kBAAQ;AACR,0BAAgB;AAAA,QAClB;AAAA,MACF,WAES,QAAQ,QAAQ,kBAAkB;AACzC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB,WAES,QAAQ,aAAa,MAAM;AAClC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB;AAAA,IACF,QACM;AAAA,IACN;AAAA,EACF;AAEA,QAAM,gBAAgB,MAAM,MAAM,0BAA0B;AAAA,IAC1D,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,SAAwB;AAC5B,MAAI,cAAc,IAAI;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAM,SAAS,IAAI,WAAW;AAC9B,YAAM,iBAAiB,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9D,eAAO,YAAY,MAAM,QAAQ,OAAO,MAAgB;AACxD,eAAO,UAAU;AACjB,eAAO,cAAc,IAAI;AAAA,MAC3B,CAAC;AACD,eAAS,MAAM;AAAA,IACjB,QACM;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb,MAAM,SAAS;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,UAAU,QAAsE;AAC9F,QAAM,eAAe,CAAC,YAAuC;AAAA,IAC3D,SAAS,qCAAqC,MAAM;AAAA,IACpD,UAAU,qCAAqC,MAAM;AAAA,EACvD;AAEA,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyJ;AACtN,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW;AAC5F,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,QAAQ,IAAI,aAAa,eAAe;AAChD,YAAM,MAAM,MAAM,OAAO,+BAA+B,SAAS,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AACtH,YAAM,SAAS,SAAS,WAAW,UAAU,SAAS,QAAQ,UAAU,OAAO;AAC/E,UAAI;AACF,YAAI,aAAa,IAAI,UAAU,MAAM;AACvC,YAAM,eAAe,EAAE,GAAI,OAAO,UAAU,CAAC,GAAI,GAAI,SAAS,UAAU,CAAC,EAAG;AAC5E,UAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,YAAY,GAAG;AACjD,cAAI,MAAM;AACR;AACF,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB,WAAsD;AACrI,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,kBAA6C,WAAW,UAAU,OAAO,UAAU;AACzF,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,SAAS,MAAM,OAAO,0BAA0B,UAAU,MAAM,YAAY;AAClF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,GAAG,OAAO,QAAQ,CAAC;AACjE,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAsB,SAA8F;AAC3I,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,QACf,QAAQ,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW,GAAG,KAAK,GAAG;AAAA,MAC/E,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,UAAU;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;","names":["CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser"]}
1
+ {"version":3,"sources":["../../../src/oauth/providers/discord.ts","../../../src/oauth/providers/facebook.ts","../../../src/oauth/providers/github.ts","../../../src/oauth/providers/google.ts","../../../src/oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst DISCORD_AUTH_URL = 'https://discord.com/api/oauth2/authorize'\nconst DISCORD_TOKEN_URL = 'https://discord.com/api/oauth2/token'\nconst DISCORD_USER_URL = 'https://discord.com/api/users/@me'\n\ninterface DiscordUser {\n id: string\n username: string\n discriminator: string\n avatar: string | null\n email: string | null\n verified: boolean\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(DISCORD_USER_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: DiscordUser = await response.json()\n return {\n id: data.id,\n name: data.username,\n email: data.email,\n emailVerified: data.verified,\n avatar: data.avatar ? `https://cdn.discordapp.com/avatars/${data.id}/${data.avatar}.png` : null,\n raw: data,\n }\n}\n\nexport function Discord(config: OAuthProviderConfig): OAuthProvider<'discord'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n return {\n id: 'discord',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['identify', 'email']\n const url = await client.createAuthorizationURLWithPKCE(DISCORD_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(DISCORD_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(DISCORD_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json()\n if (!res.ok)\n throw json\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst FB_GRAPH_ME_URL = 'https://graph.facebook.com/me'\nconst FB_AUTH_URL = 'https://www.facebook.com/dialog/oauth'\nconst FB_TOKEN_URL = 'https://graph.facebook.com/oauth/access_token'\n\ninterface FacebookUserResponse {\n id: string\n name?: string | null\n email?: string | null\n picture?: { data?: { url?: string | null } } | string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const searchParams = new URLSearchParams()\n searchParams.set('access_token', accessToken)\n searchParams.set('fields', ['id', 'name', 'picture', 'email'].join(','))\n\n const response = await fetch(`${FB_GRAPH_ME_URL}?${searchParams.toString()}`)\n const data: FacebookUserResponse = await response.json()\n\n let avatar: string | null = null\n if (typeof data.picture === 'string')\n avatar = data.picture\n else if (data.picture && typeof data.picture === 'object' && 'data' in data.picture)\n avatar = data.picture.data?.url ?? null\n\n return {\n id: String(data.id),\n name: data.name ?? '',\n email: data.email ?? null,\n emailVerified: null,\n avatar,\n raw: data,\n }\n}\n\nexport function Facebook(config: OAuthProviderConfig): OAuthProvider<'facebook', OAuthProviderConfig> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'facebook',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state, codeVerifier, options) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['email', 'public_profile']\n const url = await client.createAuthorizationURLWithPKCE(\n FB_AUTH_URL,\n state,\n CodeChallengeMethod.S256,\n codeVerifier,\n scopes,\n )\n const mergedParams = { ...(config.params ?? {}), ...(options?.params ?? {}) }\n if (Object.keys(mergedParams).length) {\n for (const [k, v] of Object.entries(mergedParams)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code, codeVerifier, redirectUri) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(FB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github', OAuthProviderConfig> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['read:user', 'user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\n\ninterface GoogleUser {\n sub: string\n name: string\n email: string | null\n email_verified: boolean\n picture: string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(GOOGLE_USERINFO_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: GoogleUser = await response.json()\n\n return {\n id: data.sub,\n name: data.name,\n email: data.email,\n emailVerified: data.email_verified,\n avatar: data.picture,\n raw: data,\n }\n}\n\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'google',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(GOOGLE_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-authorization-code\ninterface MicrosoftConfig extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | (string & {})\n prompt?: 'login' | 'none' | 'consent' | 'select_account' | (string & {})\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft', MicrosoftConfig> {\n const getEndpoints = (tenant: MicrosoftConfig['tenant']) => ({\n authURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`,\n tokenURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,\n })\n\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: Partial<Pick<MicrosoftConfig, 'tenant' | 'prompt'>> }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { authURL } = getEndpoints(effectiveTenant)\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n const prompt = options?.overrides?.prompt ?? options?.params?.prompt ?? config.prompt\n if (prompt)\n url.searchParams.set('prompt', prompt)\n const mergedParams = { ...(config.params ?? {}), ...(options?.params ?? {}) }\n if (Object.keys(mergedParams).length) {\n for (const [k, v] of Object.entries(mergedParams)) {\n if (k === 'prompt')\n continue\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string, overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>>) {\n const client = getClient(redirectUri)\n const effectiveTenant: MicrosoftConfig['tenant'] = overrides?.tenant ?? config.tenant ?? 'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string, options?: { overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>> }): Promise<RefreshedTokens> {\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n scope: (config.scope ?? ['openid', 'profile', 'email', 'User.Read']).join(' '),\n })\n const res = await fetch(tokenURL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n"],"mappings":";AACA,SAAS,qBAAqB,oBAAoB;AAElD,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAC1B,IAAM,mBAAmB;AAYzB,eAAe,QAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,kBAAkB;AAAA,IAC7C,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAoB,MAAM,SAAS,KAAK;AAC9C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK,SAAS,sCAAsC,KAAK,EAAE,IAAI,KAAK,MAAM,SAAS;AAAA,IAC3F,KAAK;AAAA,EACP;AACF;AAEO,SAAS,QAAQ,QAAuD;AAC7E,QAAM,gBAAgB,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AACvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AACT,WAAO,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AACA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IACrB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,YAAY,OAAO;AACtE,YAAM,MAAM,MAAM,OAAO,+BAA+B,kBAAkB,OAAO,oBAAoB,MAAM,cAAc,MAAM;AAC/H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,mBAAmB,MAAM,YAAY;AAC3F,YAAM,OAAO,MAAM,QAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,mBAAmB;AAAA,QACzC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AACR,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAC1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;AC5FA,SAAS,uBAAAA,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,cAAc;AACpB,IAAM,eAAe;AAUrB,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,eAAe,IAAI,gBAAgB;AACzC,eAAa,IAAI,gBAAgB,WAAW;AAC5C,eAAa,IAAI,UAAU,CAAC,MAAM,QAAQ,WAAW,OAAO,EAAE,KAAK,GAAG,CAAC;AAEvE,QAAM,WAAW,MAAM,MAAM,GAAG,eAAe,IAAI,aAAa,SAAS,CAAC,EAAE;AAC5E,QAAM,OAA6B,MAAM,SAAS,KAAK;AAEvD,MAAI,SAAwB;AAC5B,MAAI,OAAO,KAAK,YAAY;AAC1B,aAAS,KAAK;AAAA,WACP,KAAK,WAAW,OAAO,KAAK,YAAY,YAAY,UAAU,KAAK;AAC1E,aAAS,KAAK,QAAQ,MAAM,OAAO;AAErC,SAAO;AAAA,IACL,IAAI,OAAO,KAAK,EAAE;AAAA,IAClB,MAAM,KAAK,QAAQ;AAAA,IACnB,OAAO,KAAK,SAAS;AAAA,IACrB,eAAe;AAAA,IACf;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,SAAS,QAA6E;AACpG,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AACT,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAO,cAAc,SAAS;AACtD,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,SAAS,gBAAgB;AAC5E,YAAM,MAAM,MAAM,OAAO;AAAA,QACvB;AAAA,QACA;AAAA,QACAD,qBAAoB;AAAA,QACpB;AAAA,QACA;AAAA,MACF;AACA,YAAM,eAAe,EAAE,GAAI,OAAO,UAAU,CAAC,GAAI,GAAI,SAAS,UAAU,CAAC,EAAG;AAC5E,UAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,YAAY,GAAG;AACjD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAM,cAAc,aAAa;AACtD,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,cAAc,MAAM,YAAY;AACtF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;AC/EA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAkBvB,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,SAAS;AAAA,IACrD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,MAAI,QAAuB,KAAK;AAChC,MAAI,gBAAgB;AAEpB,QAAM,iBAAiB,MAAM,MAAM,GAAG,cAAc,gBAAgB;AAAA,IAClE,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,MAAI,eAAe,IAAI;AACrB,UAAM,SAAwB,MAAM,eAAe,KAAK;AACxD,UAAM,eAAe,OAAO,KAAK,OAAK,EAAE,WAAW,EAAE,QAAQ;AAC7D,QAAI,cAAc;AAChB,cAAQ,aAAa;AACrB,sBAAgB;AAAA,IAClB,OACK;AAEH,YAAM,gBAAgB,OAAO,KAAK,OAAK,EAAE,QAAQ;AACjD,UAAI,eAAe;AACjB,gBAAQ,cAAc;AACtB,wBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAA2E;AAChG,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,aAAa,YAAY;AAC5E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;ACzGA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,sBAAsB;AAW5B,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,qBAAqB;AAAA,IAChD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,SAAS,SAAS;AAC/E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,kBAAkB;AAAA,QACxC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;ACpGA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAGlD,IAAM,0BAA0B;AAGhC,IAAM,2BAA2B;AAgBjC,SAAS,iBAAiB,KAAyB;AACjD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,aAAa,IAAK,OAAO,SAAS,KAAM;AAC9C,QAAM,SAAS,OAAO,OAAO,OAAO,SAAS,WAAW,GAAG;AAC3D,QAAM,gBAAgB,KAAK,MAAM;AACjC,QAAM,MAAM,cAAc;AAC1B,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,WAAS,IAAI,GAAG,IAAI,KAAK;AACvB,UAAM,CAAC,IAAI,cAAc,WAAW,CAAC;AAEvC,SAAO;AACT;AAEA,eAAeC,SAAQ,aAAqB,SAA2C;AACrF,QAAM,eAAe,MAAM,MAAM,yBAAyB;AAAA,IACxD,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,WAA0B,MAAM,aAAa,KAAK;AAExD,MAAI,QAAuB,SAAS,QAAQ,SAAS;AACrD,MAAI,gBAAgB;AACpB,MAAI,SAAS;AACX,QAAI;AACF,YAAM,QAAQ,QAAQ,MAAM,GAAG;AAC/B,YAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,iBAAiB,MAAM,CAAC,CAAE,CAAC,CAAC;AAChF,YAAM,mBAAmB;AAGzB,UAAI,QAAQ,wBAAwB;AAClC,cAAM,eAAe,MAAM,QAAQ,QAAQ,sBAAsB,IAC7D,QAAQ,uBAAuB,CAAC,IAChC,QAAQ;AAEZ,YAAI,OAAO,iBAAiB,UAAU;AACpC,kBAAQ;AACR,0BAAgB;AAAA,QAClB;AAAA,MACF,WAES,QAAQ,QAAQ,kBAAkB;AACzC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB,WAES,QAAQ,aAAa,MAAM;AAClC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB;AAAA,IACF,QACM;AAAA,IACN;AAAA,EACF;AAEA,QAAM,gBAAgB,MAAM,MAAM,0BAA0B;AAAA,IAC1D,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,SAAwB;AAC5B,MAAI,cAAc,IAAI;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAM,SAAS,IAAI,WAAW;AAC9B,YAAM,iBAAiB,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9D,eAAO,YAAY,MAAM,QAAQ,OAAO,MAAgB;AACxD,eAAO,UAAU;AACjB,eAAO,cAAc,IAAI;AAAA,MAC3B,CAAC;AACD,eAAS,MAAM;AAAA,IACjB,QACM;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb,MAAM,SAAS;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,UAAU,QAAsE;AAC9F,QAAM,eAAe,CAAC,YAAuC;AAAA,IAC3D,SAAS,qCAAqC,MAAM;AAAA,IACpD,UAAU,qCAAqC,MAAM;AAAA,EACvD;AAEA,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyJ;AACtN,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW;AAC5F,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,QAAQ,IAAI,aAAa,eAAe;AAChD,YAAM,MAAM,MAAM,OAAO,+BAA+B,SAAS,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AACtH,YAAM,SAAS,SAAS,WAAW,UAAU,SAAS,QAAQ,UAAU,OAAO;AAC/E,UAAI;AACF,YAAI,aAAa,IAAI,UAAU,MAAM;AACvC,YAAM,eAAe,EAAE,GAAI,OAAO,UAAU,CAAC,GAAI,GAAI,SAAS,UAAU,CAAC,EAAG;AAC5E,UAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,YAAY,GAAG;AACjD,cAAI,MAAM;AACR;AACF,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB,WAAsD;AACrI,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,kBAA6C,WAAW,UAAU,OAAO,UAAU;AACzF,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,SAAS,MAAM,OAAO,0BAA0B,UAAU,MAAM,YAAY;AAClF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,GAAG,OAAO,QAAQ,CAAC;AACjE,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAsB,SAA8F;AAC3I,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,QACf,QAAQ,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW,GAAG,KAAK,GAAG;AAAA,MAC/E,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,UAAU;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;","names":["CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser"]}
package/dist/src/oauth/providers/discord.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ import type { OAuthProvider, OAuthProviderConfig } from '../index';
2
+ export declare function Discord(config: OAuthProviderConfig): OAuthProvider<'discord'>;
3
+ //# sourceMappingURL=discord.d.ts.map
package/dist/src/oauth/providers/discord.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"discord.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/discord.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAmB,MAAM,UAAU,CAAA;AAmC7F,wBAAgB,OAAO,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,SAAS,CAAC,CA0D7E"}
package/dist/src/oauth/providers/facebook.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ import type { OAuthProvider, OAuthProviderConfig } from '../index';
2
+ export declare function Facebook(config: OAuthProviderConfig): OAuthProvider<'facebook', OAuthProviderConfig>;
3
+ //# sourceMappingURL=facebook.d.ts.map
package/dist/src/oauth/providers/facebook.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"facebook.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/facebook.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAuC5E,wBAAgB,QAAQ,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAyCpG"}
package/dist/src/oauth/providers/microsoft.d.ts CHANGED
@@ -1,5 +1,4 @@
1
1
  import type { OAuthProvider, OAuthProviderConfig } from '../index';
2
- // https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-authorization-code
3
2
  interface MicrosoftConfig extends OAuthProviderConfig {
4
3
  tenant?: 'common' | 'organizations' | 'consumers' | (string & {});
5
4
  prompt?: 'login' | 'none' | 'consent' | 'select_account' | (string & {});
package/dist/src/oauth/providers/microsoft.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAmB,MAAM,UAAU,CAAA;AAS7F,mHAAmH;AACnH,UAAU,eAAgB,SAAQ,mBAAmB;IACnD,MAAM,CAAC,EAAE,QAAQ,GAAG,eAAe,GAAG,WAAW,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAA;IACjE,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAA;CACzE;AAiGD,wBAAgB,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,aAAa,CAAC,WAAW,EAAE,eAAe,CAAC,CAoF9F"}
1
+ {"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAmB,MAAM,UAAU,CAAA;AAU7F,UAAU,eAAgB,SAAQ,mBAAmB;IACnD,MAAM,CAAC,EAAE,QAAQ,GAAG,eAAe,GAAG,WAAW,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAA;IACjE,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,gBAAgB,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAA;CACzE;AAiGD,wBAAgB,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,aAAa,CAAC,WAAW,EAAE,eAAe,CAAC,CAoF9F"}
package/dist/src/runtimes/index.js CHANGED
@@ -1 +1 @@
1
- import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as Z,setupTauriListener as m,signInWithTauri as p}from"../../chunk-Z35ZTMGZ.js";export{o as handleTauriDeepLink,r as isTauri,Z as linkAccountWithTauri,m as setupTauriListener,p as signInWithTauri};//# sourceMappingURL=index.js.map
1
+ import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../chunk-YL3QRKSH.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri};//# sourceMappingURL=index.js.map
package/dist/src/runtimes/tauri/index.js CHANGED
@@ -1 +1 @@
1
- import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as Z,setupTauriListener as m,signInWithTauri as p}from"../../../chunk-Z35ZTMGZ.js";export{o as handleTauriDeepLink,r as isTauri,Z as linkAccountWithTauri,m as setupTauriListener,p as signInWithTauri};//# sourceMappingURL=index.js.map
1
+ import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../../chunk-YL3QRKSH.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri};//# sourceMappingURL=index.js.map
package/dist/src/solidstart/index.js CHANGED
@@ -1 +1 @@
1
- import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as n,parseCookies as o}from"../../chunk-3NKNADKP.js";import s from"process";function i(e){const r="providerMap"in e&&"signJWT"in e?e:t(e);r.development="development"===s.env.NODE_ENV;const o=n(r),i=e=>o(e.request);return{GET:i,POST:i,OPTIONS:i}}function a(t){return async function(n){let s=o(n.headers.get("Cookie")).get(r);if(!s){const e=n.headers.get("Authorization");e?.startsWith("Bearer ")&&(s=e.substring(7))}const i=Array.from(t.providerMap.keys());if(!s)return{...e,providers:i};try{const r=await t.validateSession(s);return r?{...r,providers:i}:{...e,providers:i}}catch{return{...e,providers:i}}}}function c(e,r){const n=a("providerMap"in r&&"signJWT"in r?r:t(r));return async r=>{const t=new URL(r.request.url);if("boolean"==typeof e?e:e.includes(t.pathname)){const e=await n(r.request);return void(r.locals.getSession=async()=>e)}r.locals.getSession=()=>n(r.request)}}export{i as SolidAuth,c as authMiddleware,a as createSolidStartGetSession};//# sourceMappingURL=index.js.map
1
+ import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as n,parseCookies as o}from"../../chunk-PJCHBT42.js";import s from"process";function i(e){const r="providerMap"in e&&"signJWT"in e?e:t(e);r.development="development"===s.env.NODE_ENV;const o=n(r),i=e=>o(e.request);return{GET:i,POST:i,OPTIONS:i}}function a(t){return async function(n){let s=o(n.headers.get("Cookie")).get(r);if(!s){const e=n.headers.get("Authorization");e?.startsWith("Bearer ")&&(s=e.substring(7))}const i=Array.from(t.providerMap.keys());if(!s)return{...e,providers:i};try{const r=await t.validateSession(s);return r?{...r,providers:i}:{...e,providers:i}}catch{return{...e,providers:i}}}}function c(e,r){const n=a("providerMap"in r&&"signJWT"in r?r:t(r));return async r=>{const t=new URL(r.request.url);if("boolean"==typeof e?e:e.includes(t.pathname)){const e=await n(r.request);return void(r.locals.getSession=async()=>e)}r.locals.getSession=()=>n(r.request)}}export{i as SolidAuth,c as authMiddleware,a as createSolidStartGetSession};//# sourceMappingURL=index.js.map
package/dist/src/sveltekit/index.js CHANGED
@@ -1 +1 @@
1
- import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as s,parseCookies as n}from"../../chunk-3NKNADKP.js";function o(o){const i="providerMap"in o&&"signJWT"in o?o:t(o);(async()=>{try{i.development=(await import("$app/environment")).dev}catch{i.development=!1}})();const a=s(i),c=e=>a(e.request);return{GET:c,POST:c,OPTIONS:c,handle:async({event:t,resolve:s})=>(t.locals.getSession=async()=>{let s=n(t.request.headers.get("Cookie")).get(r);if(!s){const e=t.request.headers.get("Authorization");e?.startsWith("Bearer ")&&(s=e.substring(7))}const o=Array.from(i.providerMap.keys());if(!s)return{...e,providers:o};try{const r=await i.validateSession(s);return r?{...r,providers:o}:{...e,providers:o}}catch{return{...e,providers:o}}},s(t))}}export{o as SvelteKitAuth};//# sourceMappingURL=index.js.map
1
+ import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as s,parseCookies as n}from"../../chunk-PJCHBT42.js";function o(o){const i="providerMap"in o&&"signJWT"in o?o:t(o);(async()=>{try{i.development=(await import("$app/environment")).dev}catch{i.development=!1}})();const a=s(i),c=e=>a(e.request);return{GET:c,POST:c,OPTIONS:c,handle:async({event:t,resolve:s})=>(t.locals.getSession=async()=>{let s=n(t.request.headers.get("Cookie")).get(r);if(!s){const e=t.request.headers.get("Authorization");e?.startsWith("Bearer ")&&(s=e.substring(7))}const o=Array.from(i.providerMap.keys());if(!s)return{...e,providers:o};try{const r=await i.validateSession(s);return r?{...r,providers:o}:{...e,providers:o}}catch{return{...e,providers:o}}},s(t))}}export{o as SvelteKitAuth};//# sourceMappingURL=index.js.map
package/package.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "name": "@rttnd/gau",
3
3
  "type": "module",
4
- "version": "0.5.0",
5
- "packageManager": "bun@1.2.21",
4
+ "version": "0.6.1",
5
+ "packageManager": "bun@1.2.23",
6
6
  "description": "gau is a delightful auth library",
7
7
  "license": "MIT",
8
8
  "homepage": "https://github.com/Rettend/gau#readme",
@@ -92,14 +92,16 @@
92
92
  "prepublishOnly": "node -e \"require('fs').copyFileSync('../../README.md', 'README.md')\"",
93
93
  "postpublish": "node -e \"require('fs').unlinkSync('README.md')\"",
94
94
  "dev": "bun run --watch index.ts",
95
- "lint": "eslint . --fix",
96
- "check": "tsc --noEmit --skipLibCheck",
95
+ "lint": "bun --bun eslint . --fix",
96
+ "check": "tsgo --noEmit --skipLibCheck",
97
+ "update": "taze latest -wr",
97
98
  "test": "vitest",
98
99
  "test:ui": "vitest --ui"
99
100
  },
100
101
  "peerDependencies": {
101
102
  "@sveltejs/kit": "^2.25.1",
102
103
  "@tauri-apps/api": "^2.6.0",
104
+ "@tauri-apps/plugin-opener": "^2.3.0",
103
105
  "@tauri-apps/plugin-os": "^2.3.0",
104
106
  "@tauri-apps/plugin-shell": "^2.3.0",
105
107
  "drizzle-orm": "^0.44.3",
@@ -114,6 +116,9 @@
114
116
  "@tauri-apps/api": {
115
117
  "optional": true
116
118
  },
119
+ "@tauri-apps/plugin-opener": {
120
+ "optional": true
121
+ },
117
122
  "@tauri-apps/plugin-os": {
118
123
  "optional": true
119
124
  },
@@ -140,17 +145,18 @@
140
145
  "esm-env": "^1.2.2"
141
146
  },
142
147
  "devDependencies": {
143
- "@antfu/eslint-config": "^5.2.2",
144
- "@libsql/client": "^0.15.14",
148
+ "@antfu/eslint-config": "^5.4.1",
149
+ "@electric-sql/pglite": "^0.3.10",
150
+ "@libsql/client": "^0.15.15",
145
151
  "@types/better-sqlite3": "^7.6.13",
146
- "@types/bun": "^1.2.21",
147
- "@types/node": "^24.3.1",
152
+ "@types/bun": "^1.2.23",
153
+ "@types/node": "^24.6.2",
148
154
  "@vitest/coverage-v8": "^3.2.4",
149
155
  "@vitest/ui": "^3.2.4",
150
- "better-sqlite3": "^12.2.0",
156
+ "better-sqlite3": "^12.4.1",
151
157
  "bumpp": "^10.2.3",
152
- "drizzle-kit": "^0.31.4",
153
- "eslint": "^9.35.0",
158
+ "drizzle-kit": "^0.31.5",
159
+ "eslint": "^9.37.0",
154
160
  "vitest": "^3.2.4"
155
161
  }
156
162
  }