@rttnd/gau 0.5.0 → 0.7.1

package/dist/src/client/solid/Protected.d.ts

@@ -0,0 +1,4 @@
+import type { Accessor, JSXElement, VoidComponent } from 'solid-js';
+import type { GauSession, ProviderIds } from '../../core';
+export declare function Protected<const TAuth = unknown>(page: (session: Accessor<GauSession<ProviderIds<TAuth>>>) => JSXElement, fallbackOrRedirect?: (() => JSXElement) | string): VoidComponent;
+//# sourceMappingURL=Protected.d.ts.map

package/dist/src/client/solid/Protected.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Protected.d.ts","sourceRoot":"","sources":["../../../../src/client/solid/Protected.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAMzD,wBAAgB,SAAS,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,EAC7C,IAAI,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EACvE,kBAAkB,CAAC,EAAE,CAAC,MAAM,UAAU,CAAC,GAAG,MAAM,GAC/C,aAAa,CA0Bf"}

package/dist/src/client/solid/index.d.ts

@@ -1,4 +1,4 @@
-import type { Accessor, JSXElement, ParentProps, VoidComponent } from 'solid-js';
+import type { Accessor, ParentProps } from 'solid-js';
 import type { GauSession, ProfileName, ProviderIds } from '../../core';
 interface AuthContextValue<TAuth = unknown> {
     session: Accessor<GauSession<ProviderIds<TAuth>>>;
@@ -12,6 +12,7 @@ interface AuthContextValue<TAuth = unknown> {
     }) => Promise<void>;
     unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>;
     signOut: () => Promise<void>;
+    refresh: () => Promise<void>;
 }
 export declare function AuthProvider<const TAuth = unknown>(props: ParentProps & {
     auth?: TAuth;
@@ -20,6 +21,5 @@ export declare function AuthProvider<const TAuth = unknown>(props: ParentProps &
     redirectTo?: string;
 }): import("solid-js").JSX.Element;
 export declare function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth>;
-export declare function Protected<const TAuth = unknown>(page: (session: Accessor<GauSession<ProviderIds<TAuth>>>) => JSXElement, fallbackOrRedirect?: (() => JSXElement) | string): VoidComponent;
-export {};
+export { Protected } from './Protected';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/client/solid/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/client/solid/index.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAChF,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAOtE,UAAU,gBAAgB,CAAC,KAAK,GAAG,OAAO;IACxC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACjD,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACxI,WAAW,EAAE,CAAC,CAAC,SAAS,WAAW,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7I,aAAa,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9D,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7B;AAID,wBAAgB,YAAY,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,EAAE,KAAK,EAAE,WAAW,GAAG;IAAE,IAAI,CAAC,EAAE,KAAK,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,kCA6IhJ;AAED,wBAAgB,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,KAAK,gBAAgB,CAAC,KAAK,CAAC,CAKxE;AAED,wBAAgB,SAAS,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,EAC7C,IAAI,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EACvE,kBAAkB,CAAC,EAAE,CAAC,MAAM,UAAU,CAAC,GAAG,MAAM,GAC/C,aAAa,CAyBf"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/client/solid/index.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAOtE,UAAU,gBAAgB,CAAC,KAAK,GAAG,OAAO;IACxC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACjD,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACxI,WAAW,EAAE,CAAC,CAAC,SAAS,WAAW,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7I,aAAa,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9D,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5B,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7B;AAID,wBAAgB,YAAY,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,EAAE,KAAK,EAAE,WAAW,GAAG;IAAE,IAAI,CAAC,EAAE,KAAK,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,kCAgGhJ;AAED,wBAAgB,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,KAAK,gBAAgB,CAAC,KAAK,CAAC,CAKxE;AAED,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA"}

package/dist/src/client/solid/index.jsx

@@ -1,32 +1,12 @@
-// src/client/solid/index.tsx
-import { createContext, createResource, onCleanup, onMount, Show, untrack, useContext } from "solid-js";
-import { isServer } from "solid-js/web";
-
-// src/core/cookies.ts
-import { parse, serialize } from "cookie";
-var CSRF_MAX_AGE = 60 * 10;
-
-// src/jwt/jwt.ts
-import {
-  createJWTSignatureMessage,
-  encodeJWT,
-  JWSRegisteredHeaders,
-  JWTRegisteredClaims,
-  parseJWT
-} from "@oslojs/jwt";
-
-// src/oauth/utils.ts
-import { generateCodeVerifier, generateState } from "arctic";
-
-// src/core/index.ts
-var NULL_SESSION = {
-  user: null,
-  session: null,
-  accounts: null
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
 };
-
-// src/runtimes/tauri/index.ts
-import { BROWSER as BROWSER2 } from "esm-env";
 
 // src/client/token.ts
 import { BROWSER } from "esm-env";
@@ -53,8 +33,23 @@ function clearSessionToken() {
   } catch {
   }
 }
+var init_token = __esm({
+  "src/client/token.ts"() {
+    "use strict";
+  }
+});
 
 // src/runtimes/tauri/index.ts
+var tauri_exports = {};
+__export(tauri_exports, {
+  handleTauriDeepLink: () => handleTauriDeepLink,
+  isTauri: () => isTauri,
+  linkAccountWithTauri: () => linkAccountWithTauri,
+  setupTauriListener: () => setupTauriListener,
+  signInWithTauri: () => signInWithTauri,
+  startAuthBridge: () => startAuthBridge
+});
+import { BROWSER as BROWSER2 } from "esm-env";
 function isTauri() {
   return BROWSER2 && "__TAURI_INTERNALS__" in globalThis;
 }
@@ -62,7 +57,7 @@ async function signInWithTauri(provider, baseUrl, scheme = "gau", redirectOverri
   if (!isTauri())
     return;
   const { platform } = await import("@tauri-apps/plugin-os");
-  const { open } = await import("@tauri-apps/plugin-shell");
+  const { openUrl } = await import("@tauri-apps/plugin-opener");
   const currentPlatform = platform();
   let redirectTo;
   if (redirectOverride)
@@ -74,9 +69,9 @@ async function signInWithTauri(provider, baseUrl, scheme = "gau", redirectOverri
   const params = new URLSearchParams();
   params.set("redirectTo", redirectTo);
   if (profile)
-    params.set("profile", profile);
+    params.set("profile", String(profile));
   const authUrl = `${baseUrl}/${provider}?${params.toString()}`;
-  await open(authUrl);
+  await openUrl(authUrl);
 }
 async function setupTauriListener(handler) {
   if (!isTauri())
@@ -104,7 +99,7 @@ async function linkAccountWithTauri(provider, baseUrl, scheme = "gau", redirectO
   if (!isTauri())
     return;
   const { platform } = await import("@tauri-apps/plugin-os");
-  const { open } = await import("@tauri-apps/plugin-shell");
+  const { openUrl } = await import("@tauri-apps/plugin-opener");
   const currentPlatform = platform();
   let redirectTo;
   if (redirectOverride)
@@ -122,9 +117,217 @@ async function linkAccountWithTauri(provider, baseUrl, scheme = "gau", redirectO
   params.set("redirectTo", redirectTo);
   params.set("token", token);
   if (profile)
-    params.set("profile", profile);
+    params.set("profile", String(profile));
   const linkUrl = `${baseUrl}/link/${provider}?${params.toString()}`;
-  await open(linkUrl);
+  await openUrl(linkUrl);
+}
+async function startAuthBridge(baseUrl, scheme, onToken) {
+  if (!isTauri())
+    return;
+  const unlisten = await setupTauriListener(async (url) => {
+    handleTauriDeepLink(url, baseUrl, scheme, onToken);
+  });
+  return unlisten;
+}
+var init_tauri = __esm({
+  "src/runtimes/tauri/index.ts"() {
+    "use strict";
+    init_token();
+  }
+});
+
+// src/client/solid/index.tsx
+import { createContext, createResource, onCleanup, onMount as onMount2, untrack, useContext } from "solid-js";
+import { isServer as isServer2 } from "solid-js/web";
+
+// src/core/cookies.ts
+import { parse, serialize } from "cookie";
+var CSRF_MAX_AGE = 60 * 10;
+
+// src/jwt/jwt.ts
+import {
+  createJWTSignatureMessage,
+  encodeJWT,
+  JWSRegisteredHeaders,
+  JWTRegisteredClaims,
+  parseJWT
+} from "@oslojs/jwt";
+
+// src/oauth/utils.ts
+import { generateCodeVerifier, generateState } from "arctic";
+
+// src/core/index.ts
+var NULL_SESSION = {
+  user: null,
+  session: null,
+  accounts: null
+};
+
+// src/client/solid/index.tsx
+init_tauri();
+
+// src/client/vanilla/index.ts
+init_token();
+function buildQuery(params) {
+  const q = new URLSearchParams();
+  for (const [k, v] of Object.entries(params)) {
+    if (v != null && v !== "")
+      q.set(k, String(v));
+  }
+  const s = q.toString();
+  return s ? `?${s}` : "";
+}
+function createAuthClient({ baseUrl }) {
+  let currentSession = { user: null, session: null, accounts: null, providers: [] };
+  const listeners = /* @__PURE__ */ new Set();
+  const notify = () => {
+    for (const l of listeners)
+      l(currentSession);
+  };
+  async function fetchSession() {
+    const token = getSessionToken();
+    const headers = token ? { Authorization: `Bearer ${token}` } : void 0;
+    const res = await fetch(`${baseUrl}/session`, token ? { headers } : { credentials: "include" });
+    const contentType = res.headers.get("content-type");
+    if (contentType?.includes("application/json"))
+      return await res.json();
+    return { user: null, session: null, accounts: null, providers: [] };
+  }
+  async function refreshSession() {
+    const next = await fetchSession();
+    currentSession = next;
+    notify();
+    return next;
+  }
+  async function applySessionToken(token) {
+    try {
+      storeSessionToken(token);
+    } finally {
+      await refreshSession();
+    }
+  }
+  function onSessionChange(listener) {
+    listeners.add(listener);
+    return () => listeners.delete(listener);
+  }
+  async function handleRedirectCallback(replaceUrl) {
+    if (typeof window === "undefined")
+      return false;
+    if (window.location.hash === "#_=_") {
+      const cleanUrl2 = window.location.pathname + window.location.search;
+      if (replaceUrl)
+        replaceUrl(cleanUrl2);
+      else
+        window.history.replaceState(null, "", cleanUrl2);
+      return false;
+    }
+    const hash = window.location.hash?.substring(1) ?? "";
+    if (!hash)
+      return false;
+    const params = new URLSearchParams(hash);
+    const token = params.get("token");
+    if (!token)
+      return false;
+    await applySessionToken(token);
+    const cleanUrl = window.location.pathname + window.location.search;
+    if (replaceUrl)
+      replaceUrl(cleanUrl);
+    else
+      window.history.replaceState(null, "", cleanUrl);
+    return true;
+  }
+  function makeProviderUrl(provider, params) {
+    const q = buildQuery({
+      redirectTo: params?.redirectTo,
+      profile: params?.profile != null ? String(params.profile) : void 0
+    });
+    return `${baseUrl}/${provider}${q}`;
+  }
+  function makeLinkUrl(provider, params) {
+    const q = buildQuery({
+      redirectTo: params.redirectTo,
+      profile: params.profile != null ? String(params.profile) : void 0,
+      redirect: params.redirect
+    });
+    return `${baseUrl}/link/${provider}${q}`;
+  }
+  async function signIn(provider, options) {
+    const url = makeProviderUrl(provider, options);
+    return url;
+  }
+  async function linkAccount(provider, options) {
+    const linkUrl = makeLinkUrl(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: "false" });
+    const token = getSessionToken();
+    const fetchOptions = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: "include" };
+    const res = await fetch(linkUrl, fetchOptions);
+    if (res.redirected)
+      return res.url;
+    try {
+      const data = await res.json();
+      if (data?.url)
+        return data.url;
+    } catch {
+    }
+    return linkUrl;
+  }
+  async function unlinkAccount(provider) {
+    const token = getSessionToken();
+    const fetchOptions = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: "include" };
+    const res = await fetch(`${baseUrl}/unlink/${provider}`, { method: "POST", ...fetchOptions });
+    if (res.ok) {
+      await refreshSession();
+      return true;
+    }
+    return false;
+  }
+  async function signOut() {
+    clearSessionToken();
+    const token = getSessionToken();
+    const headers = token ? { Authorization: `Bearer ${token}` } : void 0;
+    await fetch(`${baseUrl}/signout`, token ? { method: "POST", headers } : { method: "POST", credentials: "include" });
+    await refreshSession();
+  }
+  return {
+    get session() {
+      return currentSession;
+    },
+    fetchSession,
+    refreshSession,
+    applySessionToken,
+    handleRedirectCallback,
+    onSessionChange,
+    signIn,
+    linkAccount,
+    unlinkAccount,
+    signOut
+  };
+}
+
+// src/client/solid/Protected.tsx
+import { useNavigate } from "@solidjs/router";
+import { onMount, Show } from "solid-js";
+import { isServer } from "solid-js/web";
+function Protected(page, fallbackOrRedirect) {
+  return () => {
+    const auth = useAuth();
+    const navigate = useNavigate();
+    const isRedirectMode = typeof fallbackOrRedirect === "string" || fallbackOrRedirect === void 0;
+    const redirectTo = isRedirectMode ? fallbackOrRedirect ?? "/" : void 0;
+    const Fallback = !isRedirectMode ? fallbackOrRedirect : void 0;
+    const Redirect = () => {
+      onMount(() => {
+        if (!isServer && redirectTo)
+          navigate(redirectTo, { replace: true });
+      });
+      return null;
+    };
+    return <Show
+      when={auth.session().user}
+      fallback={isRedirectMode ? <Redirect /> : Fallback ? <Fallback /> : null}
+    >
+        {page(auth.session)}
+      </Show>;
+  };
 }
 
 // src/client/solid/index.tsx
@@ -132,16 +335,13 @@ var AuthContext = createContext();
 function AuthProvider(props) {
   const scheme = untrack(() => props.scheme ?? "gau");
   const baseUrl = untrack(() => props.baseUrl ?? "/api/auth");
+  const client = createAuthClient({
+    baseUrl
+  });
   const fetchSession = async () => {
-    if (isServer)
+    if (isServer2)
       return { ...NULL_SESSION, providers: [] };
-    const token = getSessionToken();
-    const headers = token ? { Authorization: `Bearer ${token}` } : void 0;
-    const res = await fetch(`${baseUrl}/session`, token ? { headers } : { credentials: "include" });
-    const contentType = res.headers.get("content-type");
-    if (contentType?.includes("application/json"))
-      return res.json();
-    return { ...NULL_SESSION, providers: [] };
+    return client.refreshSession();
   };
   const [session, { refetch }] = createResource(
     fetchSession,
@@ -149,96 +349,69 @@ function AuthProvider(props) {
   );
   async function signIn(provider, { redirectTo, profile } = {}) {
     let finalRedirectTo = redirectTo ?? props.redirectTo;
-    if (isTauri()) {
-      await signInWithTauri(provider, baseUrl, scheme, finalRedirectTo, profile);
-    } else {
-      if (!finalRedirectTo && !isServer)
-        finalRedirectTo = window.location.origin;
-      const params = new URLSearchParams();
-      if (finalRedirectTo)
-        params.set("redirectTo", finalRedirectTo);
-      if (profile)
-        params.set("profile", String(profile));
-      const q = params.toString();
-      const authUrl = `${baseUrl}/${provider}${q ? `?${q}` : ""}`;
-      window.location.href = authUrl;
+    if (!finalRedirectTo && !isServer2)
+      finalRedirectTo = window.location.origin;
+    if (!isServer2 && isTauri()) {
+      const { signInWithTauri: signInWithTauri2 } = await Promise.resolve().then(() => (init_tauri(), tauri_exports));
+      await signInWithTauri2(provider, baseUrl, scheme, finalRedirectTo, profile);
+      return;
     }
+    const url = await client.signIn(provider, { redirectTo: finalRedirectTo, profile });
+    if (!isServer2)
+      window.location.href = url;
   }
   async function linkAccount(provider, { redirectTo, profile } = {}) {
-    if (isTauri()) {
-      await linkAccountWithTauri(provider, baseUrl, scheme, redirectTo, profile);
+    if (!isServer2 && isTauri()) {
+      const { linkAccountWithTauri: linkAccountWithTauri2 } = await Promise.resolve().then(() => (init_tauri(), tauri_exports));
+      await linkAccountWithTauri2(provider, baseUrl, scheme, redirectTo, profile);
       return;
     }
     let finalRedirectTo = redirectTo ?? props.redirectTo;
-    if (!finalRedirectTo && !isServer)
+    if (!finalRedirectTo && !isServer2)
       finalRedirectTo = window.location.href;
-    const params = new URLSearchParams();
-    if (finalRedirectTo)
-      params.set("redirectTo", finalRedirectTo);
-    if (profile)
-      params.set("profile", String(profile));
-    params.set("redirect", "false");
-    const linkUrl = `${baseUrl}/link/${provider}?${params.toString()}`;
-    const token = getSessionToken();
-    const fetchOptions = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: "include" };
-    const res = await fetch(linkUrl, fetchOptions);
-    if (res.redirected) {
-      window.location.href = res.url;
-    } else {
-      const data = await res.json();
-      if (data.url)
-        window.location.href = data.url;
-    }
+    const url = await client.linkAccount(provider, { redirectTo: finalRedirectTo, profile });
+    if (!isServer2)
+      window.location.href = url;
   }
   async function unlinkAccount(provider) {
-    const token = getSessionToken();
-    const fetchOptions = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: "include" };
-    const res = await fetch(`${baseUrl}/unlink/${provider}`, {
-      method: "POST",
-      ...fetchOptions
-    });
-    if (res.ok)
+    const ok = await client.unlinkAccount(provider);
+    if (ok)
       refetch();
     else
-      console.error("Failed to unlink account", await res.json());
+      console.error("Failed to unlink account");
   }
   const signOut = async () => {
-    clearSessionToken();
-    const token = getSessionToken();
-    const headers = token ? { Authorization: `Bearer ${token}` } : void 0;
-    await fetch(`${baseUrl}/signout`, token ? { method: "POST", headers } : { method: "POST", credentials: "include" });
+    await client.signOut();
     refetch();
   };
-  onMount(() => {
+  onMount2(() => {
     if (!isTauri()) {
-      const hash = new URL(window.location.href).hash.substring(1);
-      const params = new URLSearchParams(hash);
-      const tokenParam = params.get("token");
-      if (tokenParam) {
-        storeSessionToken(tokenParam);
-        refetch();
-        window.history.replaceState(null, "", window.location.pathname + window.location.search);
-      }
-    }
-    if (!isTauri())
+      void (async () => {
+        const handled = await client.handleRedirectCallback();
+        if (handled)
+          refetch();
+      })();
       return;
+    }
     let disposed = false;
-    setupTauriListener(async (url) => {
-      handleTauriDeepLink(url, baseUrl, scheme, (token) => {
-        storeSessionToken(token);
+    void (async () => {
+      const { startAuthBridge: startAuthBridge2 } = await Promise.resolve().then(() => (init_tauri(), tauri_exports));
+      const unlisten = await startAuthBridge2(baseUrl, scheme, async (token) => {
+        await client.applySessionToken(token);
         refetch();
       });
-    }).then((unlisten) => {
       if (disposed)
         unlisten?.();
       else if (unlisten)
         onCleanup(() => unlisten());
-    });
+    })();
     onCleanup(() => {
       disposed = true;
     });
   });
-  return <AuthContext.Provider value={{ session, signIn, linkAccount, unlinkAccount, signOut }}>
+  return <AuthContext.Provider value={{ session, signIn, linkAccount, unlinkAccount, signOut, refresh: async () => {
+    await refetch();
+  } }}>
       {props.children}
     </AuthContext.Provider>;
 }
@@ -248,27 +421,6 @@ function useAuth() {
     throw new Error("useAuth must be used within an AuthProvider");
   return context;
 }
-function Protected(page, fallbackOrRedirect) {
-  return () => {
-    const auth = useAuth();
-    const isRedirectMode = typeof fallbackOrRedirect === "string" || fallbackOrRedirect === void 0;
-    const redirectTo = isRedirectMode ? fallbackOrRedirect ?? "/" : void 0;
-    const Fallback = !isRedirectMode ? fallbackOrRedirect : void 0;
-    const Redirect = () => {
-      onMount(() => {
-        if (!isServer && redirectTo)
-          window.location.replace(redirectTo);
-      });
-      return null;
-    };
-    return <Show
-      when={auth.session().user}
-      fallback={isRedirectMode ? <Redirect /> : Fallback ? <Fallback /> : null}
-    >
-        {page(auth.session)}
-      </Show>;
-  };
-}
 export {
   AuthProvider,
   Protected,

package/dist/src/client/svelte/Protected/index.svelte

@@ -0,0 +1,32 @@
+<script lang='ts'>
+  import type { Snippet } from 'svelte'
+  // @ts-expect-error svelte-kit
+  import { goto } from '$app/navigation'
+  import { BROWSER } from 'esm-env'
+  import { useAuth } from '../index.svelte'
+
+  type Props = {
+    redirectTo?: string
+    fallback?: Snippet
+    children: Snippet
+  }
+
+  const { redirectTo = '/', fallback, children }: Props = $props()
+
+  const auth = useAuth()
+
+  $effect(() => {
+    if (BROWSER && !auth.isLoading && !auth.session?.user)
+      goto(redirectTo)
+  })
+</script>
+
+{#if auth.isLoading}
+  {#if fallback}
+    {@render fallback()}
+  {/if}
+{:else if auth.session?.user}
+  {@render children()}
+{:else if fallback}
+  {@render fallback()}
+{/if}

package/dist/src/client/svelte/index.svelte.js

@@ -1 +1 @@
-import{BROWSER as t}from"esm-env";import{getContext as e,setContext as n}from"svelte";import{parse as o,serialize as i}from"cookie";import{createJWTSignatureMessage as a,encodeJWT as r,JWSRegisteredHeaders as s,JWTRegisteredClaims as c,parseJWT as l}from"@oslojs/jwt";import{generateCodeVerifier as u,generateState as p}from"arctic";var d={user:null,session:null,accounts:null};import{BROWSER as f}from"esm-env";import{BROWSER as w}from"esm-env";function h(t){if(w)try{localStorage.setItem("gau-token",t),document.cookie=`__gau-session-token=${t}; path=/; max-age=31536000; samesite=lax; secure`}catch{}}function m(){return w?localStorage.getItem("gau-token"):null}function g(){return f&&"__TAURI_INTERNALS__"in globalThis}var k=Symbol("gau-auth");function S({baseUrl:e="/api/auth",scheme:o="gau",redirectTo:i}={}){let a=$state({...d,providers:[]});async function r(){if(!t)return void(a={...d,providers:[]});const n=m(),o=n?{Authorization:`Bearer ${n}`}:void 0,i=await fetch(`${e}/session`,n?{headers:o}:{credentials:"include"}),r=i.headers.get("content-type");a=r?.includes("application/json")?await i.json():{...d,providers:[]}}if(t){const t=new URL(window.location.href).hash.substring(1),e=new URLSearchParams(t).get("token");e?(h(e),(async()=>{let t=t=>window.history.replaceState(null,"",t);try{const e="$app/navigation",{replaceState:n}=await import(e);t=t=>n(t,{})}catch{}t(window.location.pathname+window.location.search),await r()})()):r()}$effect(()=>{if(!t||!g())return;let n,i=!1;return async function(t){if(!g())return;const{listen:e}=await import("@tauri-apps/api/event");try{return await e("deep-link",async e=>{await t(e.payload)})}catch(t){console.error(t)}}(async t=>{!function(t,e,n,o){const i=new URL(t);if(i.protocol!==`${n}:`&&i.origin!==new URL(e).origin)return;const a=new URLSearchParams(i.hash.substring(1)).get("token");a&&o(a)}(t,e,o,async t=>{h(t),await r()})}).then(t=>{i?t?.():n=t}),()=>{i=!0,n?.()}});const s={get session(){return a},signIn:async function(n,{redirectTo:a,profile:r}={}){let s=a??i;if(g())await async function(t,e,n="gau",o,i){if(!g())return;const{platform:a}=await import("@tauri-apps/plugin-os"),{open:r}=await import("@tauri-apps/plugin-shell"),s=a();let c;c=o||("android"===s||"ios"===s?new URL(e).origin:`${n}://oauth/callback`);const l=new URLSearchParams;l.set("redirectTo",c),i&&l.set("profile",i);const u=`${e}/${t}?${l.toString()}`;await r(u)}(n,e,o,s,r);else{!s&&t&&(s=window.location.origin);const o=new URLSearchParams;s&&o.set("redirectTo",s),r&&o.set("profile",String(r));const i=o.toString();window.location.href=`${e}/${n}${i?`?${i}`:""}`}},linkAccount:async function(n,{redirectTo:a,profile:r}={}){if(g())return void await async function(t,e,n="gau",o,i){if(!g())return;const{platform:a}=await import("@tauri-apps/plugin-os"),{open:r}=await import("@tauri-apps/plugin-shell"),s=a();let c;c=o||("android"===s||"ios"===s?new URL(e).origin:`${n}://oauth/callback`);const l=m();if(!l)return void console.error("No session token found, cannot link account.");const u=new URLSearchParams;u.set("redirectTo",c),u.set("token",l),i&&u.set("profile",i);const p=`${e}/link/${t}?${u.toString()}`;await r(p)}(n,e,o,a,r);let s=a??i;!s&&t&&(s=window.location.href);const c=new URLSearchParams;s&&c.set("redirectTo",s),r&&c.set("profile",String(r)),c.set("redirect","false");const l=`${e}/link/${n}?${c.toString()}`,u=m(),p=u?{headers:{Authorization:`Bearer ${u}`}}:{credentials:"include"},d=await fetch(l,p);if(d.redirected)window.location.href=d.url;else try{const t=await d.json();t.url&&(window.location.href=t.url)}catch(t){console.error("Failed to parse response from link endpoint",t)}},unlinkAccount:async function(t){const n=m(),o=n?{headers:{Authorization:`Bearer ${n}`}}:{credentials:"include"},i=await fetch(`${e}/unlink/${t}`,{method:"POST",...o});i.ok?await r():console.error("Failed to unlink account",await i.json())},signOut:async function(){!function(){if(w)try{localStorage.removeItem("gau-token"),document.cookie="__gau-session-token=; path=/; max-age=0"}catch{}}();const t=m(),n=t?{Authorization:`Bearer ${t}`}:void 0;await fetch(`${e}/signout`,t?{method:"POST",headers:n}:{method:"POST",credentials:"include"}),await r()}};n(k,s)}function y(){const t=e(k);if(!t)throw new Error("useAuth must be used within an AuthProvider");return t}export{S as createSvelteAuth,y as useAuth};//# sourceMappingURL=index.svelte.js.map
+var n=Object.defineProperty,t=Object.getOwnPropertyNames,e=(n,e)=>function(){return n&&(e=(0,n[t(n)[0]])(n=0)),e};import{BROWSER as i}from"esm-env";function r(){return i?localStorage.getItem("gau-token"):null}var o=e({"src/client/token.ts"(){}}),a={};((t,e)=>{for(var i in e)n(t,i,{get:e[i],enumerable:!0})})(a,{handleTauriDeepLink:()=>f,isTauri:()=>c,linkAccountWithTauri:()=>d,setupTauriListener:()=>l,signInWithTauri:()=>u,startAuthBridge:()=>w});import{BROWSER as s}from"esm-env";function c(){return s&&"__TAURI_INTERNALS__"in globalThis}async function u(n,t,e="gau",i,r){if(!c())return;const{platform:o}=await import("@tauri-apps/plugin-os"),{openUrl:a}=await import("@tauri-apps/plugin-opener"),s=o();let u;u=i||("android"===s||"ios"===s?new URL(t).origin:`${e}://oauth/callback`);const l=new URLSearchParams;l.set("redirectTo",u),r&&l.set("profile",String(r));const f=`${t}/${n}?${l.toString()}`;await a(f)}async function l(n){if(!c())return;const{listen:t}=await import("@tauri-apps/api/event");try{return await t("deep-link",async t=>{await n(t.payload)})}catch(n){console.error(n)}}function f(n,t,e,i){const r=new URL(n);if(r.protocol!==`${e}:`&&r.origin!==new URL(t).origin)return;const o=new URLSearchParams(r.hash.substring(1)).get("token");o&&i(o)}async function d(n,t,e="gau",i,o){if(!c())return;const{platform:a}=await import("@tauri-apps/plugin-os"),{openUrl:s}=await import("@tauri-apps/plugin-opener"),u=a();let l;l=i||("android"===u||"ios"===u?new URL(t).origin:`${e}://oauth/callback`);const f=r();if(!f)return void console.error("No session token found, cannot link account.");const d=new URLSearchParams;d.set("redirectTo",l),d.set("token",f),o&&d.set("profile",String(o));const w=`${t}/link/${n}?${d.toString()}`;await s(w)}async function w(n,t,e){if(!c())return;return await l(async i=>{f(i,n,t,e)})}var p=e({"src/runtimes/tauri/index.ts"(){o()}});import{replaceState as h}from"$app/navigation";import{BROWSER as g}from"esm-env";import{getContext as m,onMount as y,setContext as k}from"svelte";import{parse as S,serialize as v}from"cookie";import{createJWTSignatureMessage as T,encodeJWT as A,JWSRegisteredHeaders as R,JWTRegisteredClaims as b,parseJWT as U}from"@oslojs/jwt";import{generateCodeVerifier as P,generateState as L}from"arctic";var O={user:null,session:null,accounts:null};function _(n){const t=new URLSearchParams;for(const[e,i]of Object.entries(n))null!=i&&""!==i&&t.set(e,String(i));const e=t.toString();return e?`?${e}`:""}function I({baseUrl:n}){let t={user:null,session:null,accounts:null,providers:[]};const e=new Set;async function o(){const t=r(),e=t?{Authorization:`Bearer ${t}`}:void 0,i=await fetch(`${n}/session`,t?{headers:e}:{credentials:"include"}),o=i.headers.get("content-type");return o?.includes("application/json")?await i.json():{user:null,session:null,accounts:null,providers:[]}}async function a(){const n=await o();return t=n,(()=>{for(const n of e)n(t)})(),n}async function s(n){try{!function(n){if(i)try{localStorage.setItem("gau-token",n),document.cookie=`__gau-session-token=${n}; path=/; max-age=31536000; samesite=lax; secure`}catch{}}(n)}finally{await a()}}return{get session(){return t},fetchSession:o,refreshSession:a,applySessionToken:s,handleRedirectCallback:async function(n){if("undefined"==typeof window)return!1;if("#_=_"===window.location.hash){const t=window.location.pathname+window.location.search;return n?n(t):window.history.replaceState(null,"",t),!1}const t=window.location.hash?.substring(1)??"";if(!t)return!1;const e=new URLSearchParams(t).get("token");if(!e)return!1;await s(e);const i=window.location.pathname+window.location.search;return n?n(i):window.history.replaceState(null,"",i),!0},onSessionChange:function(n){return e.add(n),()=>e.delete(n)},signIn:async function(t,e){return function(t,e){const i=_({redirectTo:e?.redirectTo,profile:null!=e?.profile?String(e.profile):void 0});return`${n}/${t}${i}`}(t,e)},linkAccount:async function(t,e){const i=function(t,e){const i=_({redirectTo:e.redirectTo,profile:null!=e.profile?String(e.profile):void 0,redirect:e.redirect});return`${n}/link/${t}${i}`}(t,{redirectTo:e?.redirectTo,profile:e?.profile,redirect:"false"}),o=r(),a=o?{headers:{Authorization:`Bearer ${o}`}}:{credentials:"include"},s=await fetch(i,a);if(s.redirected)return s.url;try{const n=await s.json();if(n?.url)return n.url}catch{}return i},unlinkAccount:async function(t){const e=r(),i=e?{headers:{Authorization:`Bearer ${e}`}}:{credentials:"include"};return!!(await fetch(`${n}/unlink/${t}`,{method:"POST",...i})).ok&&(await a(),!0)},signOut:async function(){!function(){if(i)try{localStorage.removeItem("gau-token"),document.cookie="__gau-session-token=; path=/; max-age=0"}catch{}}();const t=r(),e=t?{Authorization:`Bearer ${t}`}:void 0;await fetch(`${n}/signout`,t?{method:"POST",headers:e}:{method:"POST",credentials:"include"}),await a()}}}p(),o();var j=Symbol("gau-auth");function B({baseUrl:n="/api/auth",scheme:t="gau",redirectTo:e}={}){const i=I({baseUrl:n}),r=async()=>g?i.refreshSession():{...O,providers:[]};let o=$state({...O,providers:[]}),s=$state(!0);y(()=>{if(!g)return;let e;(async()=>{await i.handleRedirectCallback(async n=>async function(n){try{h(n,{})}catch{g&&window.history.replaceState(null,"",n)}}(n))||(o=await r()),s=!1})();let u=!1;return c()?((async()=>{const{startAuthBridge:s}=await Promise.resolve().then(()=>(p(),a)),c=await s(n,t,async n=>{await i.applySessionToken(n),o=await r()});u?c?.():e=c})(),()=>{u=!0,e?.()}):void 0});k(j,{get session(){return o},get isLoading(){return s},signIn:async function(r,{redirectTo:o,profile:s}={}){let u=o??e;if(!u&&g&&(u=window.location.origin),c()){const{signInWithTauri:e}=await Promise.resolve().then(()=>(p(),a));return void await e(r,n,t,u,s)}const l=await i.signIn(r,{redirectTo:u,profile:s});g&&(window.location.href=l)},linkAccount:async function(r,{redirectTo:o,profile:s}={}){if(c()){const{linkAccountWithTauri:e}=await Promise.resolve().then(()=>(p(),a));return void await e(r,n,t,o,s)}let u=o??e;!u&&g&&(u=window.location.href);const l=await i.linkAccount(r,{redirectTo:u,profile:s});g&&(window.location.href=l)},unlinkAccount:async function(n){await i.unlinkAccount(n)?o=await r():console.error("Failed to unlink account")},signOut:async function(){await i.signOut(),o=await r()},refresh:async()=>{o=await r()}})}function W(){const n=m(j);if(!n)throw new Error("useAuth must be used within an AuthProvider");return n}export{B as createSvelteAuth,W as useAuth};//# sourceMappingURL=index.svelte.js.map