@rttnd/gau 1.2.4 → 1.2.6
- package/dist/chunk-PL7MV7OC.js +1 -0
- package/dist/chunk-PL7MV7OC.js.map +1 -0
- package/dist/chunk-VZVZ2KXR.js +1 -0
- package/dist/chunk-VZVZ2KXR.js.map +1 -0
- package/dist/src/client/solid/index.d.ts +1 -0
- package/dist/src/client/solid/index.d.ts.map +1 -1
- package/dist/src/client/solid/index.jsx +33 -6
- package/dist/src/client/svelte/index.svelte.d.ts +1 -0
- package/dist/src/client/svelte/index.svelte.d.ts.map +1 -1
- package/dist/src/client/svelte/index.svelte.js +1 -1
- package/dist/src/client/svelte/index.svelte.js.map +1 -1
- package/dist/src/client/token.d.ts +3 -0
- package/dist/src/client/token.d.ts.map +1 -1
- package/dist/src/client/vanilla/index.d.ts +2 -1
- package/dist/src/client/vanilla/index.d.ts.map +1 -1
- package/dist/src/client/vanilla/index.js +1 -1
- package/dist/src/client/vanilla/index.js.map +1 -1
- package/dist/src/core/createAuth.d.ts +27 -6
- package/dist/src/core/createAuth.d.ts.map +1 -1
- package/dist/src/core/handlers/callback.d.ts.map +1 -1
- package/dist/src/core/handlers/index.js +1 -1
- package/dist/src/core/handlers/link.d.ts.map +1 -1
- package/dist/src/core/handlers/session.d.ts.map +1 -1
- package/dist/src/core/index.d.ts +2 -0
- package/dist/src/core/index.d.ts.map +1 -1
- package/dist/src/core/index.js +1 -1
- package/dist/src/core/utils.d.ts +10 -0
- package/dist/src/core/utils.d.ts.map +1 -0
- package/dist/src/index.js +1 -1
- package/dist/src/jwt/index.js +1 -1
- package/dist/src/oauth/index.js +1 -1
- package/dist/src/oauth/index.js.map +1 -1
- package/dist/src/oauth/providers/facebook.d.ts.map +1 -1
- package/dist/src/runtimes/index.js +1 -1
- package/dist/src/runtimes/tauri/index.js +1 -1
- package/dist/src/solidstart/index.d.ts +23 -3
- package/dist/src/solidstart/index.d.ts.map +1 -1
- package/dist/src/solidstart/index.js +1 -1
- package/dist/src/solidstart/index.js.map +1 -1
- package/dist/src/sveltekit/index.d.ts +21 -3
- package/dist/src/sveltekit/index.d.ts.map +1 -1
- package/dist/src/sveltekit/index.js +1 -1
- package/dist/src/sveltekit/index.js.map +1 -1
- package/package.json +1 -1
- package/dist/chunk-GVRQST3R.js +0 -1
- package/dist/chunk-GVRQST3R.js.map +0 -1
- package/dist/chunk-XUNWIMPF.js +0 -1
- package/dist/chunk-XUNWIMPF.js.map +0 -1
|
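--- a/package/dist/src/core/utils.d.ts
+++ b/package/dist/src/core/utils.d.ts
@@ -0,0 +1,10 @@
+export type SessionTokenSource = 'cookie' | 'bearer';
+/**
+* Extract the session token from a Request.
+* Prefers Cookie, then falls back to Authorization: Bearer.
+*/
+export declare function getSessionTokenFromRequest(request: Request): {
+token?: string;
+source?: SessionTokenSource;
+};
+//# sourceMappingURL=utils.d.ts.map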
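Review bot: The doc comment on `getSessionTokenFromRequest` does not say which token wins when a request carries both a session cookie and an `Authorization: Bearer` header, nor why callers are given `source`. A cookie is attached by the browser automatically while a bearer header is set explicitly by the client, so a handler that relaxes CSRF or origin checks for bearer requests has to branch on `source` rather than on the mere presence of the header. I would extend the comment with `* When both are present the cookie wins and the bearer token is ignored; check source before applying cookie-only protections such as CSRF validation.` The return type also lets `token` and `source` be set independently; a union such as `{ token: string; source: SessionTokenSource } | { token?: undefined; source?: undefined }` would rule that state out. The implementation is not in this file, so the cookie-first behaviour is taken from the comment alone.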
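--- a/package/dist/src/core/utils.d.ts.map
+++ b/package/dist/src/core/utils.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/core/utils.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG,QAAQ,CAAA;AAEpD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,OAAO,GAAG;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,kBAAkB,CAAA;CAAE,CAW5G"}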
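--- a/package/dist/src/index.js
+++ b/package/dist/src/index.js
@@ -1 +1 @@
-import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as
+import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as V,DEFAULT_COOKIE_SERIALIZE_OPTIONS as Z,LINKING_TOKEN_COOKIE_NAME as c,NULL_SESSION as e,PKCE_COOKIE_NAME as f,PROVIDER_OPTIONS_COOKIE_NAME as h,REFRESHED_TOKEN_HEADER as i,SESSION_COOKIE_NAME as j,SESSION_STRATEGY_COOKIE_NAME as k,createAuth as n,createHandler as s,getSessionTokenFromRequest as u,json as x,parseCookies as K,redirect as R}from"../chunk-VZVZ2KXR.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CLIENT_CHALLENGE_COOKIE_NAME,p as CSRF_COOKIE_NAME,t as CSRF_MAX_AGE,V as Cookies,Z as DEFAULT_COOKIE_SERIALIZE_OPTIONS,c as LINKING_TOKEN_COOKIE_NAME,e as NULL_SESSION,f as PKCE_COOKIE_NAME,h as PROVIDER_OPTIONS_COOKIE_NAME,i as REFRESHED_TOKEN_HEADER,j as SESSION_COOKIE_NAME,k as SESSION_STRATEGY_COOKIE_NAME,n as createAuth,s as createHandler,u as getSessionTokenFromRequest,x as json,K as parseCookies,R as redirect};//# sourceMappingURL=index.js.map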
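--- a/package/dist/src/jwt/index.js
+++ b/package/dist/src/jwt/index.js
@@ -1 +1 @@
-import{sign as o,verify as r}from"../../chunk-
+import{sign as o,verify as r}from"../../chunk-VZVZ2KXR.js";export{o as sign,r as verify};//# sourceMappingURL=index.js.map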
package/dist/src/oauth/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{CodeChallengeMethod as e,OAuth2Client as t}from"arctic";var r="https://discord.com/api/oauth2/token";function a(a){const i=new t(a.clientId,a.clientSecret,a.redirectUri??null);function n(e){return e&&e!==a.redirectUri?new t(a.clientId,a.clientSecret,e):i}return{id:"discord",linkOnly:a.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,r,i){const o=n(i?.redirectUri),c=i?.scopes??a.scope??["identify","email"],s=await o.createAuthorizationURLWithPKCE("https://discord.com/api/oauth2/authorize",t,e.S256,r,c);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=n(a),o=await i.validateAuthorizationCode(r,e,t),c=await async function(e){const t=await fetch("https://discord.com/api/users/@me",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),r=await t.json();return{id:r.id,name:r.username,email:r.email,emailVerified:r.verified,avatar:r.avatar?`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.png`:null,raw:r}}(o.accessToken());return{tokens:o,user:c}},async refreshAccessToken(e){const t=new URLSearchParams({client_id:a.clientId,client_secret:a.clientSecret,grant_type:"refresh_token",refresh_token:e}),i=await fetch(r,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:t}),n=await i.json();if(!i.ok)throw n;const o=n.expires_in,c="number"==typeof o?Math.floor(Date.now()/1e3)+Math.floor(o):void 0;return{accessToken:n.access_token,refreshToken:n.refresh_token??e,expiresAt:c??null,idToken:n.id_token??null,tokenType:n.token_type??null,scope:n.scope??null}}}}import{CodeChallengeMethod as i,OAuth2Client as n}from"arctic";function o(e){const t=new n(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new n(e.clientId,e.clientSecret,r):t}return{id:"facebook",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,a,n){const 
o=r(n?.redirectUri),c=n?.scopes??e.scope??["email","public_profile"],s=await o.createAuthorizationURLWithPKCE("https://www.facebook.com/dialog/oauth",t,i.S256,a,c),l={...e.params??{},...n?.params??{}};if(Object.keys(l).length)for(const[e,t]of Object.entries(l))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=r(a),n=await i.validateAuthorizationCode("https://graph.facebook.com/oauth/access_token",e,t),o=await async function(e){const t=new URLSearchParams;t.set("
|
|
1
|
+
import{CodeChallengeMethod as e,OAuth2Client as t}from"arctic";var r="https://discord.com/api/oauth2/token";function a(a){const i=new t(a.clientId,a.clientSecret,a.redirectUri??null);function n(e){return e&&e!==a.redirectUri?new t(a.clientId,a.clientSecret,e):i}return{id:"discord",linkOnly:a.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,r,i){const o=n(i?.redirectUri),c=i?.scopes??a.scope??["identify","email"],s=await o.createAuthorizationURLWithPKCE("https://discord.com/api/oauth2/authorize",t,e.S256,r,c);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=n(a),o=await i.validateAuthorizationCode(r,e,t),c=await async function(e){const t=await fetch("https://discord.com/api/users/@me",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),r=await t.json();return{id:r.id,name:r.username,email:r.email,emailVerified:r.verified,avatar:r.avatar?`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.png`:null,raw:r}}(o.accessToken());return{tokens:o,user:c}},async refreshAccessToken(e){const t=new URLSearchParams({client_id:a.clientId,client_secret:a.clientSecret,grant_type:"refresh_token",refresh_token:e}),i=await fetch(r,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:t}),n=await i.json();if(!i.ok)throw n;const o=n.expires_in,c="number"==typeof o?Math.floor(Date.now()/1e3)+Math.floor(o):void 0;return{accessToken:n.access_token,refreshToken:n.refresh_token??e,expiresAt:c??null,idToken:n.id_token??null,tokenType:n.token_type??null,scope:n.scope??null}}}}import{CodeChallengeMethod as i,OAuth2Client as n}from"arctic";function o(e){const t=new n(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new n(e.clientId,e.clientSecret,r):t}return{id:"facebook",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,a,n){const 
o=r(n?.redirectUri),c=n?.scopes??e.scope??["email","public_profile"],s=await o.createAuthorizationURLWithPKCE("https://www.facebook.com/dialog/oauth",t,i.S256,a,c),l={...e.params??{},...n?.params??{}};if(Object.keys(l).length)for(const[e,t]of Object.entries(l))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=r(a),n=await i.validateAuthorizationCode("https://graph.facebook.com/oauth/access_token",e,t),o=await async function(e){const t=new URLSearchParams;t.set("fields",["id","name","picture","email"].join(","));const r=await fetch(`https://graph.facebook.com/me?${t.toString()}`,{headers:{Authorization:`Bearer ${e}`}}),a=await r.json();let i=null;return"string"==typeof a.picture?i=a.picture:a.picture&&"object"==typeof a.picture&&"data"in a.picture&&(i=a.picture.data?.url??null),{id:String(a.id),name:a.name??"",email:a.email??null,emailVerified:!!a.email||null,avatar:i,raw:a}}(n.accessToken());return{tokens:n,user:o}}}}import{CodeChallengeMethod as c,OAuth2Client as s}from"arctic";var l="https://api.github.com";function d(e){const t=new s(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new s(e.clientId,e.clientSecret,r):t}return{id:"github",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,a,i){const n=r(i?.redirectUri),o=i?.scopes??e.scope??["read:user","user:email"],s=await n.createAuthorizationURLWithPKCE("https://github.com/login/oauth/authorize",t,c.S256,a,o);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&s.searchParams.set(e,String(t));return s},async validateCallback(e,t,a){const i=r(a),n=await i.validateAuthorizationCode("https://github.com/login/oauth/access_token",e,t),o=await async function(e){const t=await fetch(`${l}/user`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}}),r=await t.json();let a=r.email,i=!1;const n=await fetch(`${l}/user/emails`,{headers:{Authorization:`Bearer 
${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(n.ok){const e=await n.json(),t=e.find(e=>e.primary&&e.verified);if(t)a=t.email,i=!0;else{const t=e.find(e=>e.verified);t&&(a=t.email,i=!0)}}return{id:r.id.toString(),name:r.name??r.login,email:a,emailVerified:i,avatar:r.avatar_url,raw:r}}(n.accessToken());return{tokens:n,user:o}}}}import{CodeChallengeMethod as u,OAuth2Client as h}from"arctic";var p="https://oauth2.googleapis.com/token";function m(e){const t=new h(e.clientId,e.clientSecret,e.redirectUri??null);function r(r){return r&&r!==e.redirectUri?new h(e.clientId,e.clientSecret,r):t}return{id:"google",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(t,a,i){const n=r(i?.redirectUri),o=i?.scopes??e.scope??["openid","email","profile"],c=await n.createAuthorizationURLWithPKCE("https://accounts.google.com/o/oauth2/v2/auth",t,u.S256,a,o);if(i?.params)for(const[e,t]of Object.entries(i.params))null!=t&&c.searchParams.set(e,String(t));return c},async validateCallback(e,t,a){const i=r(a),n=await i.validateAuthorizationCode(p,e,t),o=await async function(e){const t=await fetch("https://openidconnect.googleapis.com/v1/userinfo",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),r=await t.json();return{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified,avatar:r.picture,raw:r}}(n.accessToken());return{tokens:n,user:o}},async refreshAccessToken(t){const r=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:t}),a=await fetch(p,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:r}),i=await a.json();if(!a.ok)throw i;const n=i.expires_in,o="number"==typeof n?Math.floor(Date.now()/1e3)+Math.floor(n):void 0;return{accessToken:i.access_token,refreshToken:i.refresh_token??t,expiresAt:o??null,idToken:i.id_token??null,tokenType:i.token_type??null,scope:i.scope??null}}}}import{CodeChallengeMethod as f,OAuth2Client as k}from"arctic";async 
function w(e,t){const r=await fetch("https://graph.microsoft.com/v1.0/me",{headers:{Authorization:`Bearer ${e}`}}),a=await r.json();let i=a.mail??a.userPrincipalName,n=!1;if(t)try{const e=t.split("."),r=JSON.parse((new TextDecoder).decode(function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,a=t.padEnd(t.length+r,"="),i=atob(a),n=i.length,o=new Uint8Array(n);for(let e=0;e<n;e++)o[e]=i.charCodeAt(e);return o}(e[1]))),a="9188040d-6c67-4c5b-b112-36a304b66dad";if(r.verified_primary_email){const e=Array.isArray(r.verified_primary_email)?r.verified_primary_email[0]:r.verified_primary_email;"string"==typeof e&&(i=e,n=!0)}else(r.tid===a||!0===r.xms_edov)&&(i=r.email??i,n=!0)}catch{}const o=await fetch("https://graph.microsoft.com/v1.0/me/photo/$value",{headers:{Authorization:`Bearer ${e}`}});let c=null;if(o.ok)try{const e=await o.blob(),t=new FileReader,r=new Promise((r,a)=>{t.onloadend=()=>r(t.result),t.onerror=a,t.readAsDataURL(e)});c=await r}catch{}return{id:a.id,name:a.displayName,email:i,emailVerified:n,avatar:c,raw:a}}function y(e){const t=e=>({authURL:`https://login.microsoftonline.com/${e}/oauth2/v2.0/authorize`,tokenURL:`https://login.microsoftonline.com/${e}/oauth2/v2.0/token`}),r=new k(e.clientId,e.clientSecret,e.redirectUri??null);function a(t){return t&&t!==e.redirectUri?new k(e.clientId,e.clientSecret,t):r}return{id:"microsoft",linkOnly:e.linkOnly,requiresRedirectUri:!0,async getAuthorizationUrl(r,i,n){const o=a(n?.redirectUri),c=n?.scopes??e.scope??["openid","profile","email","User.Read"],s=n?.overrides?.tenant??e.tenant??"common",{authURL:l}=t(s),d=await o.createAuthorizationURLWithPKCE(l,r,f.S256,i,c),u=n?.overrides?.prompt??n?.params?.prompt??e.prompt;u&&d.searchParams.set("prompt",u);const h={...e.params??{},...n?.params??{}};if(Object.keys(h).length)for(const[e,t]of Object.entries(h))"prompt"!==e&&null!=t&&d.searchParams.set(e,String(t));return d},async validateCallback(r,i,n,o){const 
c=a(n),s=o?.tenant??e.tenant??"common",{tokenURL:l}=t(s),d=await c.validateAuthorizationCode(l,r,i),u=await w(d.accessToken(),d.idToken());return{tokens:d,user:u}},async refreshAccessToken(r,a){const i=a?.overrides?.tenant??e.tenant??"common",{tokenURL:n}=t(i),o=new URLSearchParams({client_id:e.clientId,client_secret:e.clientSecret,grant_type:"refresh_token",refresh_token:r,scope:(e.scope??["openid","profile","email","User.Read"]).join(" ")}),c=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:o}),s=await c.json();if(!c.ok)throw s;const l=s.expires_in,d="number"==typeof l?Math.floor(Date.now()/1e3)+Math.floor(l):void 0;return{accessToken:s.access_token,refreshToken:s.refresh_token??r,expiresAt:d??null,idToken:s.id_token??null,tokenType:s.token_type??null,scope:s.scope??null}}}}export{a as Discord,o as Facebook,d as GitHub,m as Google,y as Microsoft};//# sourceMappingURL=index.js.map
|
|
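Review bot: The Facebook profile fetch on the new side parses the Graph response with `await r.json()` without checking `r.ok`, so an error body produces `id:String(a.id)`, i.e. the literal string "undefined", as the user id instead of a failed login. The other providers' profile fetches in this bundle follow the same unchecked pattern, whereas `refreshAccessToken` already guards with `if(!i.ok)throw n`. The same guard before the user object is built would close this; because this file is minified build output, the change belongs in the provider sources named in the source map (`src/oauth/providers/facebook.ts` and its siblings). Separately, `emailVerified:!!a.email||null` marks any address Facebook returns as verified, which should be confirmed against the provider's guarantees if a verified email is ever used to link accounts. The removed line is truncated on this page, so I cannot tell whether this code is new in 1.2.6 or carried over from 1.2.4.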
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/oauth/providers/discord.ts","../../../src/oauth/providers/facebook.ts","../../../src/oauth/providers/github.ts","../../../src/oauth/providers/google.ts","../../../src/oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst DISCORD_AUTH_URL = 'https://discord.com/api/oauth2/authorize'\nconst DISCORD_TOKEN_URL = 'https://discord.com/api/oauth2/token'\nconst DISCORD_USER_URL = 'https://discord.com/api/users/@me'\n\ninterface DiscordUser {\n id: string\n username: string\n discriminator: string\n avatar: string | null\n email: string | null\n verified: boolean\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(DISCORD_USER_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: DiscordUser = await response.json()\n return {\n id: data.id,\n name: data.username,\n email: data.email,\n emailVerified: data.verified,\n avatar: data.avatar ? `https://cdn.discordapp.com/avatars/${data.id}/${data.avatar}.png` : null,\n raw: data,\n }\n}\n\nexport function Discord(config: OAuthProviderConfig): OAuthProvider<'discord'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? 
null)\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n return {\n id: 'discord',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['identify', 'email']\n const url = await client.createAuthorizationURLWithPKCE(DISCORD_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(DISCORD_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(DISCORD_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json()\n if (!res.ok)\n throw json\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? 
null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst FB_GRAPH_ME_URL = 'https://graph.facebook.com/me'\nconst FB_AUTH_URL = 'https://www.facebook.com/dialog/oauth'\nconst FB_TOKEN_URL = 'https://graph.facebook.com/oauth/access_token'\n\ninterface FacebookUserResponse {\n id: string\n name?: string | null\n email?: string | null\n picture?: { data?: { url?: string | null } } | string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const searchParams = new URLSearchParams()\n searchParams.set('access_token', accessToken)\n searchParams.set('fields', ['id', 'name', 'picture', 'email'].join(','))\n\n const response = await fetch(`${FB_GRAPH_ME_URL}?${searchParams.toString()}`)\n const data: FacebookUserResponse = await response.json()\n\n let avatar: string | null = null\n if (typeof data.picture === 'string')\n avatar = data.picture\n else if (data.picture && typeof data.picture === 'object' && 'data' in data.picture)\n avatar = data.picture.data?.url ?? null\n\n return {\n id: String(data.id),\n name: data.name ?? '',\n email: data.email ?? null,\n emailVerified: null,\n avatar,\n raw: data,\n }\n}\n\nexport function Facebook(config: OAuthProviderConfig): OAuthProvider<'facebook', OAuthProviderConfig> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? 
null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'facebook',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state, codeVerifier, options) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['email', 'public_profile']\n const url = await client.createAuthorizationURLWithPKCE(\n FB_AUTH_URL,\n state,\n CodeChallengeMethod.S256,\n codeVerifier,\n scopes,\n )\n const mergedParams = { ...(config.params ?? {}), ...(options?.params ?? {}) }\n if (Object.keys(mergedParams).length) {\n for (const [k, v] of Object.entries(mergedParams)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code, codeVerifier, redirectUri) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(FB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 
'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github', OAuthProviderConfig> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? 
['read:user', 'user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\n\ninterface GoogleUser {\n sub: string\n name: string\n email: string | null\n email_verified: boolean\n picture: string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(GOOGLE_USERINFO_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: GoogleUser = await response.json()\n\n return {\n id: data.sub,\n name: data.name,\n email: data.email,\n emailVerified: data.email_verified,\n avatar: data.picture,\n raw: data,\n }\n}\n\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? 
null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'google',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(GOOGLE_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? 
null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-authorization-code\ninterface MicrosoftConfig extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | (string & {})\n prompt?: 'login' | 'none' | 'consent' | 'select_account' | (string & {})\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? 
userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft', MicrosoftConfig> {\n const getEndpoints = (tenant: MicrosoftConfig['tenant']) => ({\n authURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`,\n tokenURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,\n })\n\n const defaultClient = new 
OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: Partial<Pick<MicrosoftConfig, 'tenant' | 'prompt'>> }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { authURL } = getEndpoints(effectiveTenant)\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n const prompt = options?.overrides?.prompt ?? options?.params?.prompt ?? config.prompt\n if (prompt)\n url.searchParams.set('prompt', prompt)\n const mergedParams = { ...(config.params ?? {}), ...(options?.params ?? {}) }\n if (Object.keys(mergedParams).length) {\n for (const [k, v] of Object.entries(mergedParams)) {\n if (k === 'prompt')\n continue\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string, overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>>) {\n const client = getClient(redirectUri)\n const effectiveTenant: MicrosoftConfig['tenant'] = overrides?.tenant ?? config.tenant ?? 
'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string, options?: { overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>> }): Promise<RefreshedTokens> {\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n scope: (config.scope ?? ['openid', 'profile', 'email', 'User.Read']).join(' '),\n })\n const res = await fetch(tokenURL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? 
null,\n }\n },\n }\n}\n"],"mappings":";AACA,SAAS,qBAAqB,oBAAoB;AAElD,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAC1B,IAAM,mBAAmB;AAYzB,eAAe,QAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,kBAAkB;AAAA,IAC7C,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAoB,MAAM,SAAS,KAAK;AAC9C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK,SAAS,sCAAsC,KAAK,EAAE,IAAI,KAAK,MAAM,SAAS;AAAA,IAC3F,KAAK;AAAA,EACP;AACF;AAEO,SAAS,QAAQ,QAAuD;AAC7E,QAAM,gBAAgB,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AACvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AACT,WAAO,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AACA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IACrB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,YAAY,OAAO;AACtE,YAAM,MAAM,MAAM,OAAO,+BAA+B,kBAAkB,OAAO,oBAAoB,MAAM,cAAc,MAAM;AAC/H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,mBAAmB,MAAM,YAAY;AAC3F,YAAM,OAAO,MAAM,QAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,mBAAmB;AAAA,QACzC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AACR,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAC1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;AC5FA,SAAS,uBAAAA,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,cAAc;AA
CpB,IAAM,eAAe;AAUrB,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,eAAe,IAAI,gBAAgB;AACzC,eAAa,IAAI,gBAAgB,WAAW;AAC5C,eAAa,IAAI,UAAU,CAAC,MAAM,QAAQ,WAAW,OAAO,EAAE,KAAK,GAAG,CAAC;AAEvE,QAAM,WAAW,MAAM,MAAM,GAAG,eAAe,IAAI,aAAa,SAAS,CAAC,EAAE;AAC5E,QAAM,OAA6B,MAAM,SAAS,KAAK;AAEvD,MAAI,SAAwB;AAC5B,MAAI,OAAO,KAAK,YAAY;AAC1B,aAAS,KAAK;AAAA,WACP,KAAK,WAAW,OAAO,KAAK,YAAY,YAAY,UAAU,KAAK;AAC1E,aAAS,KAAK,QAAQ,MAAM,OAAO;AAErC,SAAO;AAAA,IACL,IAAI,OAAO,KAAK,EAAE;AAAA,IAClB,MAAM,KAAK,QAAQ;AAAA,IACnB,OAAO,KAAK,SAAS;AAAA,IACrB,eAAe;AAAA,IACf;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,SAAS,QAA6E;AACpG,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AACT,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAO,cAAc,SAAS;AACtD,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,SAAS,gBAAgB;AAC5E,YAAM,MAAM,MAAM,OAAO;AAAA,QACvB;AAAA,QACA;AAAA,QACAD,qBAAoB;AAAA,QACpB;AAAA,QACA;AAAA,MACF;AACA,YAAM,eAAe,EAAE,GAAI,OAAO,UAAU,CAAC,GAAI,GAAI,SAAS,UAAU,CAAC,EAAG;AAC5E,UAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,YAAY,GAAG;AACjD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAM,cAAc,aAAa;AACtD,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,cAAc,MAAM,YAAY;AACtF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;AC/EA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAkBvB,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,SAAS;AAAA,IACrD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,MAAI,QAAuB,KAAK;AAChC,MAAI,gBAAgB;AAEpB,QAAM,iBAAiB,MAAM,MAAM,GAAG,cAAc,gBAAgB;AAAA,IAClE,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,MAAI,eAAe,IAAI;AACrB,UAAM,SAAw
B,MAAM,eAAe,KAAK;AACxD,UAAM,eAAe,OAAO,KAAK,OAAK,EAAE,WAAW,EAAE,QAAQ;AAC7D,QAAI,cAAc;AAChB,cAAQ,aAAa;AACrB,sBAAgB;AAAA,IAClB,OACK;AAEH,YAAM,gBAAgB,OAAO,KAAK,OAAK,EAAE,QAAQ;AACjD,UAAI,eAAe;AACjB,gBAAQ,cAAc;AACtB,wBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAA2E;AAChG,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,aAAa,YAAY;AAC5E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;ACzGA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,sBAAsB;AAW5B,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,qBAAqB;AAAA,IAChD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SA
AS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,SAAS,SAAS;AAC/E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,kBAAkB;AAAA,QACxC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;ACpGA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAGlD,IAAM,0BAA0B;AAGhC,IAAM,2BAA2B;AAgBjC,SAAS,iBAAiB,KAAyB;AACjD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,aAAa,IAAK,OAAO,SAAS,KAAM;AAC9C,QAAM,SAAS,OAAO,OAAO,OAAO,SAAS,WAAW,GAAG;AAC3D,QAAM,gBAAgB,KAAK,MAAM;AACjC,QAAM,MAAM,cAAc;AAC1B,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,WAAS,IAAI,GAAG,IAAI,KAAK;AACvB,UAAM,CAAC,IAAI,cAAc,WAAW,CAAC;AAEvC,SAAO;AACT;AAEA,eAAeC,SAAQ,aAAqB,SAA2C;AACrF,QAAM,eAAe,MAAM,MAAM,yBAAyB;AAAA,IACxD,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,WAA0B,MAAM,aAAa,KAAK;AAExD,MAAI,QAAuB,SAAS,QAAQ,SAAS;AACrD,MAAI,gBAAgB;AACpB,MAAI,SAAS;AACX,QAAI;AACF,YAAM,QAAQ,QAAQ,MAAM,GAAG;AAC/B,YAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,iBAAiB,MAAM,CAAC,CAAE,CAAC,CAAC;AAChF,YAAM,mBAAmB;AAGzB,UAAI,QAAQ,wBAAwB;AAClC,cAAM,eAAe,MAAM,QAAQ,QAAQ,sBAAsB,IAC7D,QAAQ,uBAAuB,CAAC,IAChC,QAAQ;AAEZ,YAAI,OAAO,iBAAiB,UAAU;AACpC,kBAA
Q;AACR,0BAAgB;AAAA,QAClB;AAAA,MACF,WAES,QAAQ,QAAQ,kBAAkB;AACzC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB,WAES,QAAQ,aAAa,MAAM;AAClC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB;AAAA,IACF,QACM;AAAA,IACN;AAAA,EACF;AAEA,QAAM,gBAAgB,MAAM,MAAM,0BAA0B;AAAA,IAC1D,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,SAAwB;AAC5B,MAAI,cAAc,IAAI;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAM,SAAS,IAAI,WAAW;AAC9B,YAAM,iBAAiB,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9D,eAAO,YAAY,MAAM,QAAQ,OAAO,MAAgB;AACxD,eAAO,UAAU;AACjB,eAAO,cAAc,IAAI;AAAA,MAC3B,CAAC;AACD,eAAS,MAAM;AAAA,IACjB,QACM;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb,MAAM,SAAS;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,UAAU,QAAsE;AAC9F,QAAM,eAAe,CAAC,YAAuC;AAAA,IAC3D,SAAS,qCAAqC,MAAM;AAAA,IACpD,UAAU,qCAAqC,MAAM;AAAA,EACvD;AAEA,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyJ;AACtN,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW;AAC5F,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,QAAQ,IAAI,aAAa,eAAe;AAChD,YAAM,MAAM,MAAM,OAAO,+BAA+B,SAAS,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AACtH,YAAM,SAAS,SAAS,WAAW,UAAU,SAAS,QAAQ,UAAU,OAAO;AAC/E,UAAI;AACF,YAAI,aAAa,IAAI,UAAU,MAAM;AACvC,YAAM,eAAe,EAAE,GAAI,OAAO,UAAU,CAAC,GAAI,GAAI,SAAS,UAAU,CAAC,EAAG;AAC5E,UAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,YAAY,GAAG;AACjD,cAAI,MAAM;AACR;AACF,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB,WAAsD;AACrI,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,kBAA6C,WAAW,UAAU,OAAO,UAAU;AACzF,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,SAAS,MAAM,OAAO,0BAA0B,UAAU,MAAM,YAAY;AAClF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,GAAG,OAAO,QAAQ,CAAC;AACjE,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB
;AAAA,IAEA,MAAM,mBAAmB,cAAsB,SAA8F;AAC3I,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,QACf,QAAQ,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW,GAAG,KAAK,GAAG;AAAA,MAC/E,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,UAAU;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;","names":["CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/oauth/providers/discord.ts","../../../src/oauth/providers/facebook.ts","../../../src/oauth/providers/github.ts","../../../src/oauth/providers/google.ts","../../../src/oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst DISCORD_AUTH_URL = 'https://discord.com/api/oauth2/authorize'\nconst DISCORD_TOKEN_URL = 'https://discord.com/api/oauth2/token'\nconst DISCORD_USER_URL = 'https://discord.com/api/users/@me'\n\ninterface DiscordUser {\n id: string\n username: string\n discriminator: string\n avatar: string | null\n email: string | null\n verified: boolean\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(DISCORD_USER_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: DiscordUser = await response.json()\n return {\n id: data.id,\n name: data.username,\n email: data.email,\n emailVerified: data.verified,\n avatar: data.avatar ? `https://cdn.discordapp.com/avatars/${data.id}/${data.avatar}.png` : null,\n raw: data,\n }\n}\n\nexport function Discord(config: OAuthProviderConfig): OAuthProvider<'discord'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? 
null)\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n return {\n id: 'discord',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['identify', 'email']\n const url = await client.createAuthorizationURLWithPKCE(DISCORD_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(DISCORD_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(DISCORD_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json()\n if (!res.ok)\n throw json\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? 
null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst FB_GRAPH_ME_URL = 'https://graph.facebook.com/me'\nconst FB_AUTH_URL = 'https://www.facebook.com/dialog/oauth'\nconst FB_TOKEN_URL = 'https://graph.facebook.com/oauth/access_token'\n\ninterface FacebookUserResponse {\n id: string\n name?: string | null\n email?: string | null\n picture?: { data?: { url?: string | null } } | string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const searchParams = new URLSearchParams()\n searchParams.set('fields', ['id', 'name', 'picture', 'email'].join(','))\n\n const response = await fetch(`${FB_GRAPH_ME_URL}?${searchParams.toString()}`, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const data: FacebookUserResponse = await response.json()\n\n let avatar: string | null = null\n if (typeof data.picture === 'string')\n avatar = data.picture\n else if (data.picture && typeof data.picture === 'object' && 'data' in data.picture)\n avatar = data.picture.data?.url ?? null\n\n return {\n id: String(data.id),\n name: data.name ?? '',\n email: data.email ?? null,\n emailVerified: data.email ? true : null,\n avatar,\n raw: data,\n }\n}\n\nexport function Facebook(config: OAuthProviderConfig): OAuthProvider<'facebook', OAuthProviderConfig> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? 
null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'facebook',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state, codeVerifier, options) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['email', 'public_profile']\n const url = await client.createAuthorizationURLWithPKCE(\n FB_AUTH_URL,\n state,\n CodeChallengeMethod.S256,\n codeVerifier,\n scopes,\n )\n const mergedParams = { ...(config.params ?? {}), ...(options?.params ?? {}) }\n if (Object.keys(mergedParams).length) {\n for (const [k, v] of Object.entries(mergedParams)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code, codeVerifier, redirectUri) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(FB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 
'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github', OAuthProviderConfig> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? 
['read:user', 'user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\n\ninterface GoogleUser {\n sub: string\n name: string\n email: string | null\n email_verified: boolean\n picture: string | null\n [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(GOOGLE_USERINFO_URL, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n },\n })\n const data: GoogleUser = await response.json()\n\n return {\n id: data.sub,\n name: data.name,\n email: data.email,\n emailVerified: data.email_verified,\n avatar: data.picture,\n raw: data,\n }\n}\n\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? 
null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'google',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: any }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n if (options?.params) {\n for (const [k, v] of Object.entries(options.params)) {\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string): Promise<RefreshedTokens> {\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n })\n const res = await fetch(GOOGLE_TOKEN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? 
null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? null,\n }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig, RefreshedTokens } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-authorization-code\ninterface MicrosoftConfig extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | (string & {})\n prompt?: 'login' | 'none' | 'consent' | 'select_account' | (string & {})\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? 
userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft', MicrosoftConfig> {\n const getEndpoints = (tenant: MicrosoftConfig['tenant']) => ({\n authURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`,\n tokenURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,\n })\n\n const defaultClient = new 
OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft',\n linkOnly: config.linkOnly,\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string, params?: Record<string, string>, overrides?: Partial<Pick<MicrosoftConfig, 'tenant' | 'prompt'>> }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { authURL } = getEndpoints(effectiveTenant)\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n const prompt = options?.overrides?.prompt ?? options?.params?.prompt ?? config.prompt\n if (prompt)\n url.searchParams.set('prompt', prompt)\n const mergedParams = { ...(config.params ?? {}), ...(options?.params ?? {}) }\n if (Object.keys(mergedParams).length) {\n for (const [k, v] of Object.entries(mergedParams)) {\n if (k === 'prompt')\n continue\n if (v != null)\n url.searchParams.set(k, String(v))\n }\n }\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string, overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>>) {\n const client = getClient(redirectUri)\n const effectiveTenant: MicrosoftConfig['tenant'] = overrides?.tenant ?? config.tenant ?? 
'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n\n async refreshAccessToken(refreshToken: string, options?: { overrides?: Partial<Pick<MicrosoftConfig, 'tenant'>> }): Promise<RefreshedTokens> {\n const effectiveTenant: MicrosoftConfig['tenant'] = options?.overrides?.tenant ?? config.tenant ?? 'common'\n const { tokenURL } = getEndpoints(effectiveTenant)\n const body = new URLSearchParams({\n client_id: config.clientId,\n client_secret: config.clientSecret,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n scope: (config.scope ?? ['openid', 'profile', 'email', 'User.Read']).join(' '),\n })\n const res = await fetch(tokenURL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body,\n })\n const json = await res.json() as any\n if (!res.ok)\n throw json\n\n const expiresIn: number | undefined = json.expires_in\n const expiresAt = typeof expiresIn === 'number' ? Math.floor(Date.now() / 1000) + Math.floor(expiresIn) : undefined\n\n return {\n accessToken: json.access_token,\n refreshToken: json.refresh_token ?? refreshToken,\n expiresAt: expiresAt ?? null,\n idToken: json.id_token ?? null,\n tokenType: json.token_type ?? null,\n scope: json.scope ?? 
null,\n }\n },\n }\n}\n"],"mappings":";AACA,SAAS,qBAAqB,oBAAoB;AAElD,IAAM,mBAAmB;AACzB,IAAM,oBAAoB;AAC1B,IAAM,mBAAmB;AAYzB,eAAe,QAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,kBAAkB;AAAA,IAC7C,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAoB,MAAM,SAAS,KAAK;AAC9C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK,SAAS,sCAAsC,KAAK,EAAE,IAAI,KAAK,MAAM,SAAS;AAAA,IAC3F,KAAK;AAAA,EACP;AACF;AAEO,SAAS,QAAQ,QAAuD;AAC7E,QAAM,gBAAgB,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AACvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AACT,WAAO,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AACA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IACrB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,YAAY,OAAO;AACtE,YAAM,MAAM,MAAM,OAAO,+BAA+B,kBAAkB,OAAO,oBAAoB,MAAM,cAAc,MAAM;AAC/H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,mBAAmB,MAAM,YAAY;AAC3F,YAAM,OAAO,MAAM,QAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,mBAAmB;AAAA,QACzC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AACR,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAC1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;AC5FA,SAAS,uBAAAA,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,cAAc;AA
CpB,IAAM,eAAe;AAUrB,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,eAAe,IAAI,gBAAgB;AACzC,eAAa,IAAI,UAAU,CAAC,MAAM,QAAQ,WAAW,OAAO,EAAE,KAAK,GAAG,CAAC;AAEvE,QAAM,WAAW,MAAM,MAAM,GAAG,eAAe,IAAI,aAAa,SAAS,CAAC,IAAI;AAAA,IAC5E,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,OAA6B,MAAM,SAAS,KAAK;AAEvD,MAAI,SAAwB;AAC5B,MAAI,OAAO,KAAK,YAAY;AAC1B,aAAS,KAAK;AAAA,WACP,KAAK,WAAW,OAAO,KAAK,YAAY,YAAY,UAAU,KAAK;AAC1E,aAAS,KAAK,QAAQ,MAAM,OAAO;AAErC,SAAO;AAAA,IACL,IAAI,OAAO,KAAK,EAAE;AAAA,IAClB,MAAM,KAAK,QAAQ;AAAA,IACnB,OAAO,KAAK,SAAS;AAAA,IACrB,eAAe,KAAK,QAAQ,OAAO;AAAA,IACnC;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,SAAS,QAA6E;AACpG,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AACT,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAO,cAAc,SAAS;AACtD,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,SAAS,gBAAgB;AAC5E,YAAM,MAAM,MAAM,OAAO;AAAA,QACvB;AAAA,QACA;AAAA,QACAD,qBAAoB;AAAA,QACpB;AAAA,QACA;AAAA,MACF;AACA,YAAM,eAAe,EAAE,GAAI,OAAO,UAAU,CAAC,GAAI,GAAI,SAAS,UAAU,CAAC,EAAG;AAC5E,UAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,YAAY,GAAG;AACjD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAM,cAAc,aAAa;AACtD,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,cAAc,MAAM,YAAY;AACtF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;AClFA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAkBvB,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,SAAS;AAAA,IACrD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,MAAI,QAAuB,KAAK;AAChC,MAAI,gBAAgB;AAEpB,QAAM,iBAAiB,MAAM,MAAM,GAAG,cAAc,gBAAgB;AAAA,IAClE,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,I
ACZ;AAAA,EACF,CAAC;AAED,MAAI,eAAe,IAAI;AACrB,UAAM,SAAwB,MAAM,eAAe,KAAK;AACxD,UAAM,eAAe,OAAO,KAAK,OAAK,EAAE,WAAW,EAAE,QAAQ;AAC7D,QAAI,cAAc;AAChB,cAAQ,aAAa;AACrB,sBAAgB;AAAA,IAClB,OACK;AAEH,YAAM,gBAAgB,OAAO,KAAK,OAAK,EAAE,QAAQ;AACjD,UAAI,eAAe;AACjB,gBAAQ,cAAc;AACtB,wBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAA2E;AAChG,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,aAAa,YAAY;AAC5E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;ACzGA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,sBAAsB;AAW5B,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,qBAAqB;AAAA,IAChD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cA
AsB,SAAyG;AACtK,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,SAAS,SAAS;AAC/E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,UAAI,SAAS,QAAQ;AACnB,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,QAAQ,MAAM,GAAG;AACnD,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAgD;AACvE,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,MACjB,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,kBAAkB;AAAA,QACxC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;;;ACpGA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAGlD,IAAM,0BAA0B;AAGhC,IAAM,2BAA2B;AAgBjC,SAAS,iBAAiB,KAAyB;AACjD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,aAAa,IAAK,OAAO,SAAS,KAAM;AAC9C,QAAM,SAAS,OAAO,OAAO,OAAO,SAAS,WAAW,GAAG;AAC3D,QAAM,gBAAgB,KAAK,MAAM;AACjC,QAAM,MAAM,cAAc;AAC1B,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,WAAS,IAAI,GAAG,IAAI,KAAK;AACvB,UAAM,CAAC,IAAI,cAAc,WAAW,CAAC;AAEvC,SAAO;AACT;AAEA,eAAeC,SAAQ,aAAqB,SAA2C;AACrF,QAAM,eAAe,MAAM,MAAM,yBAAyB;AAAA,IACxD,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,WAA0B,MAAM,aAAa,KAAK;AAExD,MAAI,QAAuB,SAAS,QAAQ,SAAS;AACrD,MAAI,gBAAgB;AACpB,MAAI,SAAS;AACX,QAAI;AACF,YAAM,QAAQ,QAAQ,MAAM,GAAG;AAC/B,YAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,iBAAiB,MAAM,CAAC,CAAE,CAAC,CAAC;AAChF,YAAM,mBAAmB;AAGzB,UAAI,QAAQ,wBAAwB;AAClC,cAAM,eAAe,MAAM,QAAQ,QAAQ,sBAAsB,IAC7D,QAAQ,uBAAuB
,CAAC,IAChC,QAAQ;AAEZ,YAAI,OAAO,iBAAiB,UAAU;AACpC,kBAAQ;AACR,0BAAgB;AAAA,QAClB;AAAA,MACF,WAES,QAAQ,QAAQ,kBAAkB;AACzC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB,WAES,QAAQ,aAAa,MAAM;AAClC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB;AAAA,IACF,QACM;AAAA,IACN;AAAA,EACF;AAEA,QAAM,gBAAgB,MAAM,MAAM,0BAA0B;AAAA,IAC1D,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,SAAwB;AAC5B,MAAI,cAAc,IAAI;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAM,SAAS,IAAI,WAAW;AAC9B,YAAM,iBAAiB,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9D,eAAO,YAAY,MAAM,QAAQ,OAAO,MAAgB;AACxD,eAAO,UAAU;AACjB,eAAO,cAAc,IAAI;AAAA,MAC3B,CAAC;AACD,eAAS,MAAM;AAAA,IACjB,QACM;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb,MAAM,SAAS;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,UAAU,QAAsE;AAC9F,QAAM,eAAe,CAAC,YAAuC;AAAA,IAC3D,SAAS,qCAAqC,MAAM;AAAA,IACpD,UAAU,qCAAqC,MAAM;AAAA,EACvD;AAEA,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,UAAU,OAAO;AAAA,IACjB,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAyJ;AACtN,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW;AAC5F,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,QAAQ,IAAI,aAAa,eAAe;AAChD,YAAM,MAAM,MAAM,OAAO,+BAA+B,SAAS,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AACtH,YAAM,SAAS,SAAS,WAAW,UAAU,SAAS,QAAQ,UAAU,OAAO;AAC/E,UAAI;AACF,YAAI,aAAa,IAAI,UAAU,MAAM;AACvC,YAAM,eAAe,EAAE,GAAI,OAAO,UAAU,CAAC,GAAI,GAAI,SAAS,UAAU,CAAC,EAAG;AAC5E,UAAI,OAAO,KAAK,YAAY,EAAE,QAAQ;AACpC,mBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,YAAY,GAAG;AACjD,cAAI,MAAM;AACR;AACF,cAAI,KAAK;AACP,gBAAI,aAAa,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,QACrC;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB,WAAsD;AACrI,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,kBAA6C,WAAW,UAAU,OAAO,UAAU;AACzF,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,SAAS,MAAM,OAAO,0BAA0B,UAAU,MAAM,YAAY;AAClF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,GA
AG,OAAO,QAAQ,CAAC;AACjE,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,IAEA,MAAM,mBAAmB,cAAsB,SAA8F;AAC3I,YAAM,kBAA6C,SAAS,WAAW,UAAU,OAAO,UAAU;AAClG,YAAM,EAAE,SAAS,IAAI,aAAa,eAAe;AACjD,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,WAAW,OAAO;AAAA,QAClB,eAAe,OAAO;AAAA,QACtB,YAAY;AAAA,QACZ,eAAe;AAAA,QACf,QAAQ,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW,GAAG,KAAK,GAAG;AAAA,MAC/E,CAAC;AACD,YAAM,MAAM,MAAM,MAAM,UAAU;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,CAAC,IAAI;AACP,cAAM;AAER,YAAM,YAAgC,KAAK;AAC3C,YAAM,YAAY,OAAO,cAAc,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,KAAK,MAAM,SAAS,IAAI;AAE1G,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,iBAAiB;AAAA,QACpC,WAAW,aAAa;AAAA,QACxB,SAAS,KAAK,YAAY;AAAA,QAC1B,WAAW,KAAK,cAAc;AAAA,QAC9B,OAAO,KAAK,SAAS;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;","names":["CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"facebook.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/facebook.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;
|
|
1
|
+
{"version":3,"file":"facebook.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/facebook.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AA0C5E,wBAAgB,QAAQ,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAyCpG"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t,startAuthBridge as
|
|
1
|
+
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t,startAuthBridge as c}from"../../chunk-PL7MV7OC.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri,c as startAuthBridge};//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t,startAuthBridge as
|
|
1
|
+
import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t,startAuthBridge as c}from"../../../chunk-PL7MV7OC.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri,c as startAuthBridge};//# sourceMappingURL=index.js.map
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import type { CreateAuthOptions, GauSession } from '../core';
|
|
1
|
+
import type { CreateAuthOptions, GauSession, RefreshSessionOptions } from '../core';
|
|
2
2
|
import type { OAuthProvider } from '../oauth';
|
|
3
|
-
import { createAuth } from '../core';
|
|
3
|
+
import { createAuth, REFRESHED_TOKEN_HEADER } from '../core';
|
|
4
|
+
export { REFRESHED_TOKEN_HEADER };
|
|
4
5
|
type AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>;
|
|
5
6
|
/**
|
|
6
7
|
* Creates GET and POST handlers for SolidStart.
|
|
@@ -33,5 +34,24 @@ export declare function createSolidStartGetSession<const TProviders extends OAut
|
|
|
33
34
|
* onRequest: [authMiddleware(false, auth)]
|
|
34
35
|
*/
|
|
35
36
|
export declare function authMiddleware<const TProviders extends OAuthProvider<any>[]>(pathsToPreLoad: string[] | boolean, optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>): (event: any) => Promise<void>;
|
|
36
|
-
|
|
37
|
+
/**
|
|
38
|
+
* SolidStart middleware to automatically refresh sessions.
|
|
39
|
+
* Sets the appropriate header based on how the token was provided:
|
|
40
|
+
* - Cookie → Set-Cookie header
|
|
41
|
+
* - Bearer token → X-Refreshed-Token header (for Tauri/mobile clients)
|
|
42
|
+
*
|
|
43
|
+
* @example
|
|
44
|
+
* ```ts
|
|
45
|
+
* // middleware.ts
|
|
46
|
+
* import { authMiddleware, refreshMiddleware } from '@rttnd/gau/solidstart'
|
|
47
|
+
*
|
|
48
|
+
* export default createMiddleware({
|
|
49
|
+
* onRequest: [
|
|
50
|
+
* authMiddleware(true, auth),
|
|
51
|
+
* refreshMiddleware(auth, { threshold: 0.5 }),
|
|
52
|
+
* ],
|
|
53
|
+
* })
|
|
54
|
+
* ```
|
|
55
|
+
*/
|
|
56
|
+
export declare function refreshMiddleware<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>, options?: RefreshSessionOptions): (event: any) => Promise<void>;
|
|
37
57
|
//# sourceMappingURL=index.d.ts.map
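Review bot: The doc comment added above `refreshMiddleware` (new lines 37–55) says a cookie-borne session is answered with a `Set-Cookie` header, but the built `index.js` for this entry point, shown further down the page, does that with `e.response.headers.set("Set-Cookie",t.cookie)`, and `Headers.set` replaces rather than adds. Any cookie an earlier `onRequest` handler has already put on the response would presumably be dropped when a refresh happens; `e.response.headers.append("Set-Cookie",t.cookie)` keeps both. Only the declaration is in this file, so the change belongs in the `src/solidstart/index.ts` source named by the source map. The comment would also be clearer if it said what `threshold: 0.5` in the example means, since `RefreshSessionOptions` is declared elsewhere, and that a response carrying `X-Refreshed-Token` holds a live session token and should not be stored by shared caches.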
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/solidstart/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAe,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/solidstart/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAe,qBAAqB,EAAE,MAAM,SAAS,CAAA;AAChG,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE7C,OAAO,EAAE,UAAU,EAA2D,sBAAsB,EAAE,MAAM,SAAS,CAAA;AAErH,OAAO,EAAE,sBAAsB,EAAE,CAAA;AAEjC,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;GAWG;AACH,wBAAgB,SAAS,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;EAY/I;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,UAAU,CAAC,0OAsBvH;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAC1E,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,EAClC,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,iCAoBxE;AAWD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAC7E,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,EACvE,OAAO,GAAE,qBAA0B,iCAcpC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{NULL_SESSION as e,
|
|
1
|
+
import{NULL_SESSION as e,REFRESHED_TOKEN_HEADER as n,createAuth as r,createHandler as o,getSessionTokenFromRequest as t}from"../../chunk-VZVZ2KXR.js";import s from"process";function i(e){const n=a(e);n.development="development"===s.env.NODE_ENV;const r=o(n),t=e=>r(e.request);return{GET:t,POST:t,OPTIONS:t}}function c(n){return async function(r){const{token:o}=t(r),s=Array.from(n.providerMap.keys());if(!o)return{...e,providers:s};try{const r=await n.validateSession(o);return r?{...r,providers:s}:{...e,providers:s}}catch{return{...e,providers:s}}}}function u(e,n){const r=c(a(n));return async n=>{const o=new URL(n.request.url);if("boolean"==typeof e?e:e.includes(o.pathname)){const e=await r(n.request);return void(n.locals.getSession=async()=>e)}n.locals.getSession=()=>r(n.request)}}function a(e){return"providerMap"in e&&"signJWT"in e?e:r(e)}function p(e,r={}){const o=a(e);return async e=>{const t=await o.refreshSession(e.request,r);t&&("cookie"===t.source?e.response.headers.set("Set-Cookie",t.cookie):e.response.headers.set(n,t.token))}}export{n as REFRESHED_TOKEN_HEADER,i as SolidAuth,u as authMiddleware,c as createSolidStartGetSession,p as refreshMiddleware};//# sourceMappingURL=index.js.map
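Review bot: `refreshMiddleware` writes the refreshed cookie with `e.response.headers.set("Set-Cookie",t.cookie)`, and `Headers.set` replaces every `Set-Cookie` value already on the response instead of adding one. Any cookie queued by an earlier `onRequest` middleware is dropped on the requests where a refresh happens; `e.response.headers.append("Set-Cookie", t.cookie)` keeps them. The same call appears in `createRefreshHandle` in the SvelteKit bundle further down this page, where it runs after `resolve(event)` and so would presumably discard cookies the route itself set. This file is a minified build, so the change belongs in `src/solidstart/index.ts`, as shown in the accompanying source map.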
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions, GauSession, ProviderIds } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport process from 'node:process'\nimport { createAuth, createHandler,
|
|
1
|
+
{"version":3,"sources":["../../../src/solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions, GauSession, ProviderIds, RefreshSessionOptions } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport process from 'node:process'\nimport { createAuth, createHandler, getSessionTokenFromRequest, NULL_SESSION, REFRESHED_TOKEN_HEADER } from '../core'\n\nexport { REFRESHED_TOKEN_HEADER }\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SolidStart.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...auth].ts\n * import { SolidAuth } from '@rttnd/gau/solid-start'\n * import { authOptions } from '~/server/auth'\n *\n * export const { GET, POST } = SolidAuth(authOptions)\n * ```\n */\nexport function SolidAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n const auth = resolveAuth(optionsOrAuth)\n\n auth.development = process.env.NODE_ENV === 'development'\n\n const handler = createHandler(auth)\n const solidHandler = (event: any) => handler(event.request)\n return {\n GET: solidHandler,\n POST: solidHandler,\n OPTIONS: solidHandler,\n }\n}\n\n/**\n * Creates a SolidStart-compatible getSession resolver to validate a session from a Request.\n * This mirrors the SvelteKit integration behaviour and supports both Cookie and Authorization headers.\n */\nexport function createSolidStartGetSession<const TProviders extends OAuthProvider<any>[]>(auth: AuthInstance<TProviders>) {\n return async function getSessionFromRequest(\n request: Request,\n ): Promise<GauSession<ProviderIds<AuthInstance<TProviders>>>> {\n const { token: sessionToken } = getSessionTokenFromRequest(request)\n\n const providers = Array.from(auth.providerMap.keys()) as ProviderIds<AuthInstance<TProviders>>[]\n\n if (!sessionToken)\n return { ...NULL_SESSION, providers }\n\n try {\n const validated = 
await auth.validateSession(sessionToken)\n if (!validated)\n return { ...NULL_SESSION, providers }\n\n return { ...validated, providers }\n }\n catch {\n return { ...NULL_SESSION, providers }\n }\n }\n}\n\n/**\n * SolidStart middleware factory to attach `locals.getSession` and optionally preload the session.\n *\n * Usage:\n * onRequest: [authMiddleware(true, auth)]\n * onRequest: [authMiddleware(['/protected', '/dashboard'], auth)]\n * onRequest: [authMiddleware(false, auth)]\n */\nexport function authMiddleware<const TProviders extends OAuthProvider<any>[]>(\n pathsToPreLoad: string[] | boolean,\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n) {\n const auth = resolveAuth(optionsOrAuth)\n\n const getSessionFromRequest = createSolidStartGetSession(auth)\n\n return async (event: any) => {\n const url = new URL(event.request.url)\n const shouldPreload = typeof pathsToPreLoad === 'boolean'\n ? pathsToPreLoad\n : pathsToPreLoad.includes(url.pathname)\n\n if (shouldPreload) {\n const preloaded = await getSessionFromRequest(event.request)\n event.locals.getSession = async () => preloaded\n return\n }\n\n event.locals.getSession = () => getSessionFromRequest(event.request)\n }\n}\n\nfunction resolveAuth<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n): AuthInstance<TProviders> {\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n return isInstance\n ? 
(optionsOrAuth as AuthInstance<TProviders>)\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n}\n\n/**\n * SolidStart middleware to automatically refresh sessions.\n * Sets the appropriate header based on how the token was provided:\n * - Cookie → Set-Cookie header\n * - Bearer token → X-Refreshed-Token header (for Tauri/mobile clients)\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { authMiddleware, refreshMiddleware } from '@rttnd/gau/solidstart'\n *\n * export default createMiddleware({\n * onRequest: [\n * authMiddleware(true, auth),\n * refreshMiddleware(auth, { threshold: 0.5 }),\n * ],\n * })\n * ```\n */\nexport function refreshMiddleware<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n options: RefreshSessionOptions = {},\n) {\n const auth = resolveAuth(optionsOrAuth)\n\n return async (event: any) => {\n const refreshed = await auth.refreshSession(event.request, options)\n\n if (refreshed) {\n if (refreshed.source === 'cookie')\n event.response.headers.set('Set-Cookie', refreshed.cookie)\n else\n event.response.headers.set(REFRESHED_TOKEN_HEADER, refreshed.token)\n }\n 
}\n}\n"],"mappings":";;;;;;;;;AAEA,OAAO,aAAa;AAmBb,SAAS,UAAyD,eAAyE;AAChJ,QAAM,OAAO,YAAY,aAAa;AAEtC,OAAK,cAAc,QAAQ,IAAI,aAAa;AAE5C,QAAM,UAAU,cAAc,IAAI;AAClC,QAAM,eAAe,CAAC,UAAe,QAAQ,MAAM,OAAO;AAC1D,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,EACX;AACF;AAMO,SAAS,2BAA0E,MAAgC;AACxH,SAAO,eAAe,sBACpB,SAC4D;AAC5D,UAAM,EAAE,OAAO,aAAa,IAAI,2BAA2B,OAAO;AAElE,UAAM,YAAY,MAAM,KAAK,KAAK,YAAY,KAAK,CAAC;AAEpD,QAAI,CAAC;AACH,aAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,gBAAgB,YAAY;AACzD,UAAI,CAAC;AACH,eAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,aAAO,EAAE,GAAG,WAAW,UAAU;AAAA,IACnC,QACM;AACJ,aAAO,EAAE,GAAG,cAAc,UAAU;AAAA,IACtC;AAAA,EACF;AACF;AAUO,SAAS,eACd,gBACA,eACA;AACA,QAAM,OAAO,YAAY,aAAa;AAEtC,QAAM,wBAAwB,2BAA2B,IAAI;AAE7D,SAAO,OAAO,UAAe;AAC3B,UAAM,MAAM,IAAI,IAAI,MAAM,QAAQ,GAAG;AACrC,UAAM,gBAAgB,OAAO,mBAAmB,YAC5C,iBACA,eAAe,SAAS,IAAI,QAAQ;AAExC,QAAI,eAAe;AACjB,YAAM,YAAY,MAAM,sBAAsB,MAAM,OAAO;AAC3D,YAAM,OAAO,aAAa,YAAY;AACtC;AAAA,IACF;AAEA,UAAM,OAAO,aAAa,MAAM,sBAAsB,MAAM,OAAO;AAAA,EACrE;AACF;AAEA,SAAS,YACP,eAC0B;AAC1B,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAClE,SAAO,aACF,gBACD,WAAW,aAA8C;AAC/D;AAqBO,SAAS,kBACd,eACA,UAAiC,CAAC,GAClC;AACA,QAAM,OAAO,YAAY,aAAa;AAEtC,SAAO,OAAO,UAAe;AAC3B,UAAM,YAAY,MAAM,KAAK,eAAe,MAAM,SAAS,OAAO;AAElE,QAAI,WAAW;AACb,UAAI,UAAU,WAAW;AACvB,cAAM,SAAS,QAAQ,IAAI,cAAc,UAAU,MAAM;AAAA;AAEzD,cAAM,SAAS,QAAQ,IAAI,wBAAwB,UAAU,KAAK;AAAA,IACtE;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import type { Handle, RequestEvent } from '@sveltejs/kit';
|
|
2
|
-
import type { CreateAuthOptions } from '../core';
|
|
2
|
+
import type { CreateAuthOptions, RefreshSessionOptions } from '../core';
|
|
3
3
|
import type { OAuthProvider } from '../oauth';
|
|
4
|
-
import { createAuth } from '../core';
|
|
4
|
+
import { createAuth, REFRESHED_TOKEN_HEADER } from '../core';
|
|
5
|
+
export { REFRESHED_TOKEN_HEADER };
|
|
5
6
|
type AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>;
|
|
6
7
|
/**
|
|
7
8
|
* Creates GET and POST handlers for SvelteKit.
|
|
@@ -21,5 +22,22 @@ export declare function SvelteKitAuth<const TProviders extends OAuthProvider<any
|
|
|
21
22
|
OPTIONS: (event: RequestEvent<Record<string, string>, string | null>) => Promise<Response>;
|
|
22
23
|
handle: Handle;
|
|
23
24
|
};
|
|
24
|
-
|
|
25
|
+
/**
|
|
26
|
+
* Creates a SvelteKit handle that automatically refreshes sessions.
|
|
27
|
+
* Sets the appropriate header based on how the token was provided:
|
|
28
|
+
* - Cookie → Set-Cookie header
|
|
29
|
+
* - Bearer token → X-Refreshed-Token header (for Tauri/mobile clients)
|
|
30
|
+
*
|
|
31
|
+
* @example
|
|
32
|
+
* ```ts
|
|
33
|
+
* // hooks.server.ts
|
|
34
|
+
* import { sequence } from '@sveltejs/kit/hooks'
|
|
35
|
+
* import { handle as authHandle } from './routes/api/auth/[...gau]/+server'
|
|
36
|
+
* import { createRefreshHandle } from '@rttnd/gau/sveltekit'
|
|
37
|
+
* import { auth } from '$lib/server/auth'
|
|
38
|
+
*
|
|
39
|
+
* export const handle = sequence(authHandle, createRefreshHandle(auth, { threshold: 0.5 }))
|
|
40
|
+
* ```
|
|
41
|
+
*/
|
|
42
|
+
export declare function createRefreshHandle<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>, options?: RefreshSessionOptions): Handle;
|
|
25
43
|
//# sourceMappingURL=index.d.ts.map
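Review bot: The doc comment on `createRefreshHandle` says bearer clients receive the new token in `X-Refreshed-Token`, but not what a caller must configure for that to work or to be safe. A client on another origin can only read the header if CORS exposes it, and in the removed `chunk-XUNWIMPF.js` on this page the `cors` defaults leave `exposeHeaders` undefined; the replacement chunk is not in view, so this may already be handled. I would add a line such as ` * Cross-origin clients need X-Refreshed-Token listed in cors.exposeHeaders; responses carrying it should not be stored by shared caches.` The comment should also say what `threshold` measures, since the example passes `0.5` without explanation. The same comment text is used for `refreshMiddleware` in the SolidStart declarations above.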
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sveltekit/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAA2B,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sveltekit/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAA2B,qBAAqB,EAAE,MAAM,SAAS,CAAA;AAChG,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAAE,UAAU,EAA2D,sBAAsB,EAAE,MAAM,SAAS,CAAA;AAErH,OAAO,EAAE,sBAAsB,EAAE,CAAA;AAEjC,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;;EAiDnJ;AAWD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAC/E,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,EACvE,OAAO,GAAE,qBAA0B,GAClC,MAAM,CAiBR"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{NULL_SESSION as e,
|
|
1
|
+
import{NULL_SESSION as e,REFRESHED_TOKEN_HEADER as r,createAuth as n,createHandler as t,getSessionTokenFromRequest as o}from"../../chunk-VZVZ2KXR.js";function s(r){const s="providerMap"in r&&"signJWT"in r?r:n(r);(async()=>{try{s.development=(await import("$app/environment")).dev}catch{s.development=!1}})();const i=t(s),a=e=>i(e.request);return{GET:a,POST:a,OPTIONS:a,handle:async({event:r,resolve:n})=>(r.locals.getSession=async()=>{const{token:n}=o(r.request),t=Array.from(s.providerMap.keys());if(!n)return{...e,providers:t};try{const r=await s.validateSession(n);return r?{...r,providers:t}:{...e,providers:t}}catch{return{...e,providers:t}}},n(r))}}function i(e,t={}){const o=function(e){return"providerMap"in e&&"signJWT"in e?e:n(e)}(e);return async({event:e,resolve:n})=>{const s=await o.refreshSession(e.request,t),i=await n(e);return s&&("cookie"===s.source?i.headers.set("Set-Cookie",s.cookie):i.headers.set(r,s.token)),i}}export{r as REFRESHED_TOKEN_HEADER,s as SvelteKitAuth,i as createRefreshHandle};//# sourceMappingURL=index.js.map
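Review bot: In `createRefreshHandle` the refresh is decided before `resolve(event)` and then written to the response afterwards without looking at what the route returned. If the resolved route ended the session, for example a sign-out that clears the session cookie, the refreshed cookie written afterwards would replace that header and re-establish the session. Whether `refreshSession` can fire on such a request depends on code outside this file. In the names used by the source map, the cookie branch could become `if (!response.headers.has('Set-Cookie')) response.headers.append('Set-Cookie', refreshed.cookie)`, which leaves the refresh to a later request whenever the route already manages cookies. A rejection from `refreshSession` also propagates out of the handle before the route runs, so the source should state whether failing the request there is intended.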
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\nimport type { CreateAuthOptions, GauSession, ProviderIds } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport { createAuth, createHandler,
|
|
1
|
+
{"version":3,"sources":["../../../src/sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\nimport type { CreateAuthOptions, GauSession, ProviderIds, RefreshSessionOptions } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport { createAuth, createHandler, getSessionTokenFromRequest, NULL_SESSION, REFRESHED_TOKEN_HEADER } from '../core'\n\nexport { REFRESHED_TOKEN_HEADER }\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SvelteKit.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...gau]/+server.ts\n * import { SvelteKitAuth } from '@rttnd/gau/sveltekit'\n * import { auth } from '$lib/server/auth'\n *\n * export const { GET, POST } = SvelteKitAuth(auth)\n * ```\n */\nexport function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n // TODO: Duck-type to check if we have an instance or raw options\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n\n const auth = isInstance\n ? 
(optionsOrAuth as AuthInstance<TProviders>)\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n\n void (async () => {\n try {\n auth.development = (await import('$app/environment')).dev\n }\n catch {\n auth.development = false\n }\n })()\n\n const handler = createHandler(auth)\n const sveltekitHandler = (event: RequestEvent) => handler(event.request)\n\n const handle: Handle = async ({ event, resolve }) => {\n (event.locals as any).getSession = async (): Promise<GauSession<ProviderIds<AuthInstance<TProviders>>>> => {\n const { token: sessionToken } = getSessionTokenFromRequest(event.request)\n\n const providers = Array.from(auth.providerMap.keys()) as ProviderIds<AuthInstance<TProviders>>[]\n\n if (!sessionToken)\n return { ...NULL_SESSION, providers }\n\n try {\n const validated = await auth.validateSession(sessionToken)\n if (!validated)\n return { ...NULL_SESSION, providers }\n\n return { ...validated, providers }\n }\n catch {\n return { ...NULL_SESSION, providers }\n }\n }\n return resolve(event)\n }\n\n return {\n GET: sveltekitHandler,\n POST: sveltekitHandler,\n OPTIONS: sveltekitHandler,\n handle,\n }\n}\n\nfunction resolveAuth<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n): AuthInstance<TProviders> {\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n return isInstance\n ? 
(optionsOrAuth as AuthInstance<TProviders>)\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n}\n\n/**\n * Creates a SvelteKit handle that automatically refreshes sessions.\n * Sets the appropriate header based on how the token was provided:\n * - Cookie → Set-Cookie header\n * - Bearer token → X-Refreshed-Token header (for Tauri/mobile clients)\n *\n * @example\n * ```ts\n * // hooks.server.ts\n * import { sequence } from '@sveltejs/kit/hooks'\n * import { handle as authHandle } from './routes/api/auth/[...gau]/+server'\n * import { createRefreshHandle } from '@rttnd/gau/sveltekit'\n * import { auth } from '$lib/server/auth'\n *\n * export const handle = sequence(authHandle, createRefreshHandle(auth, { threshold: 0.5 }))\n * ```\n */\nexport function createRefreshHandle<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n options: RefreshSessionOptions = {},\n): Handle {\n const auth = resolveAuth(optionsOrAuth)\n\n return async ({ event, resolve }) => {\n const refreshed = await auth.refreshSession(event.request, options)\n\n const response = await resolve(event)\n\n if (refreshed) {\n if (refreshed.source === 'cookie')\n response.headers.set('Set-Cookie', refreshed.cookie)\n else\n response.headers.set(REFRESHED_TOKEN_HEADER, refreshed.token)\n }\n\n return response\n 
}\n}\n"],"mappings":";;;;;;;;;AAqBO,SAAS,cAA6D,eAAyE;AAEpJ,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAElE,QAAM,OAAO,aACR,gBACD,WAAW,aAA8C;AAE7D,QAAM,YAAY;AAChB,QAAI;AACF,WAAK,eAAe,MAAM,OAAO,kBAAkB,GAAG;AAAA,IACxD,QACM;AACJ,WAAK,cAAc;AAAA,IACrB;AAAA,EACF,GAAG;AAEH,QAAM,UAAU,cAAc,IAAI;AAClC,QAAM,mBAAmB,CAAC,UAAwB,QAAQ,MAAM,OAAO;AAEvE,QAAM,SAAiB,OAAO,EAAE,OAAO,QAAQ,MAAM;AACnD,IAAC,MAAM,OAAe,aAAa,YAAwE;AACzG,YAAM,EAAE,OAAO,aAAa,IAAI,2BAA2B,MAAM,OAAO;AAExE,YAAM,YAAY,MAAM,KAAK,KAAK,YAAY,KAAK,CAAC;AAEpD,UAAI,CAAC;AACH,eAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,UAAI;AACF,cAAM,YAAY,MAAM,KAAK,gBAAgB,YAAY;AACzD,YAAI,CAAC;AACH,iBAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,eAAO,EAAE,GAAG,WAAW,UAAU;AAAA,MACnC,QACM;AACJ,eAAO,EAAE,GAAG,cAAc,UAAU;AAAA,MACtC;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAAS,YACP,eAC0B;AAC1B,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAClE,SAAO,aACF,gBACD,WAAW,aAA8C;AAC/D;AAmBO,SAAS,oBACd,eACA,UAAiC,CAAC,GAC1B;AACR,QAAM,OAAO,YAAY,aAAa;AAEtC,SAAO,OAAO,EAAE,OAAO,QAAQ,MAAM;AACnC,UAAM,YAAY,MAAM,KAAK,eAAe,MAAM,SAAS,OAAO;AAElE,UAAM,WAAW,MAAM,QAAQ,KAAK;AAEpC,QAAI,WAAW;AACb,UAAI,UAAU,WAAW;AACvB,iBAAS,QAAQ,IAAI,cAAc,UAAU,MAAM;AAAA;AAEnD,iBAAS,QAAQ,IAAI,wBAAwB,UAAU,KAAK;AAAA,IAChE;AAEA,WAAO;AAAA,EACT;AACF;","names":[]}
|
package/package.json
CHANGED
package/dist/chunk-GVRQST3R.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
import{BROWSER as e}from"esm-env";import{BROWSER as n}from"esm-env";function t(e){if(n)try{localStorage.setItem("gau-token",e),document.cookie=`__gau-session-token=${e}; path=/; max-age=31536000; samesite=lax; secure`}catch{}}function o(){return n?localStorage.getItem("gau-token"):null}function r(){if(n)try{localStorage.removeItem("gau-token"),document.cookie="__gau-session-token=; path=/; max-age=0"}catch{}}function i(){return e&&"__TAURI_INTERNALS__"in globalThis}async function a(t,o,r="gau",a,c){if(!i())return;const{openUrl:s}=await import("@tauri-apps/plugin-opener");let u;u=a||`${r}://oauth/callback`;const{codeVerifier:l,codeChallenge:f}=await async function(){if(!n||!window.crypto||!window.crypto.subtle)throw new Error("PKCE relies on window.crypto, which is not available in this environment.");function e(e){return btoa(String.fromCharCode(...e)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}const t=new Uint8Array(43);window.crypto.getRandomValues(t);const o=e(t),r=(new TextEncoder).encode(o),i=await window.crypto.subtle.digest("SHA-256",r);return{codeVerifier:o,codeChallenge:e(new Uint8Array(i))}}();localStorage.setItem("gau-pkce-verifier",l);const g=new URLSearchParams;g.set("redirectTo",u),c&&g.set("profile",String(c)),g.set("code_challenge",f);const w=`${function(n){try{return new URL(n).toString().replace(/\/$/,"")}catch{if(e&&"undefined"!=typeof window)try{return new URL(n,window.location.origin).toString().replace(/\/$/,"")}catch{return n}return n}}(o)}/${t}?${g.toString()}`;await s(w)}async function c(e){if(!i())return;const{listen:n}=await import("@tauri-apps/api/event");try{return await n("deep-link",async n=>{await e(n.payload)})}catch(e){console.error(e)}}async function s(n,t,o,r){const i=new URL(n),a=function(n){try{return new URL(n).origin}catch{if(e&&"undefined"!=typeof window)try{return new URL(n,window.location.origin).origin}catch{return null}return null}}(t);if(i.protocol!==`${o}:`&&(!a||i.origin!==a))return;const c=new 
URLSearchParams(i.search).get("code");if(c){const e=localStorage.getItem("gau-pkce-verifier");if(!e)return void console.error("No PKCE verifier found");localStorage.removeItem("gau-pkce-verifier");try{const n=await fetch(`${t}/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({code:c,codeVerifier:e})});if(n.ok){const e=await n.json();e.token&&r(e.token)}else console.error("Failed to exchange code for token")}catch(e){console.error("Error exchanging code for token:",e)}}}async function u(n,t,r="gau",a,c){if(!i())return;const{openUrl:s}=await import("@tauri-apps/plugin-opener");let u;u=a||`${r}://oauth/callback`;const l=o();if(!l)return void console.error("No session token found, cannot link account.");const f=new URLSearchParams;f.set("redirectTo",u),f.set("token",l),c&&f.set("profile",String(c));const g=`${(()=>{try{return new URL(t).toString().replace(/\/$/,"")}catch{if(e&&"undefined"!=typeof window)try{return new URL(t,window.location.origin).toString().replace(/\/$/,"")}catch{return t}return t}})()}/link/${n}?${f.toString()}`;await s(g)}async function l(e,n,t){if(!i())return;return await c(async o=>{s(o,e,n,t)})}export{t as storeSessionToken,o as getSessionToken,r as clearSessionToken,i as isTauri,a as signInWithTauri,c as setupTauriListener,s as handleTauriDeepLink,u as linkAccountWithTauri,l as startAuthBridge};//# sourceMappingURL=chunk-GVRQST3R.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/runtimes/tauri/index.ts","../src/client/token.ts"],"sourcesContent":["import type { ProfileName, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { generatePKCE, getSessionToken } from '../../client/token'\n\nexport function isTauri(): boolean {\n return BROWSER && '__TAURI_INTERNALS__' in globalThis\n}\n\nfunction resolveOrigin(baseUrl: string): string | null {\n try {\n return new URL(baseUrl).origin\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n return new URL(baseUrl, window.location.origin).origin\n }\n catch {\n return null\n }\n }\n return null\n }\n}\n\nexport async function signInWithTauri<const TAuth = unknown, P extends ProviderIds<TAuth> = ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined = undefined>(\n provider: P,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: PR,\n) {\n if (!isTauri())\n return\n\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n function resolveAbsoluteBase(base: string): string {\n try {\n const u = new URL(base)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n const u = new URL(base, window.location.origin)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n return base\n }\n }\n return base\n }\n }\n\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const { codeVerifier, codeChallenge } = await generatePKCE()\n localStorage.setItem('gau-pkce-verifier', codeVerifier)\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n if (profile)\n params.set('profile', String(profile))\n params.set('code_challenge', codeChallenge)\n const resolvedBase = resolveAbsoluteBase(baseUrl)\n const authUrl = `${resolvedBase}/${provider}?${params.toString()}`\n await openUrl(authUrl)\n}\n\nexport async 
function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport async function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n const baseOrigin = resolveOrigin(baseUrl)\n if (parsed.protocol !== `${scheme}:` && (!baseOrigin || parsed.origin !== baseOrigin))\n return\n\n const queryParams = new URLSearchParams(parsed.search)\n const code = queryParams.get('code')\n if (code) {\n const verifier = localStorage.getItem('gau-pkce-verifier')\n if (!verifier) {\n console.error('No PKCE verifier found')\n return\n }\n localStorage.removeItem('gau-pkce-verifier')\n\n try {\n const res = await fetch(`${baseUrl}/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ code, codeVerifier: verifier }),\n })\n if (res.ok) {\n const data = await res.json()\n if (data.token)\n onToken(data.token)\n }\n else {\n console.error('Failed to exchange code for token')\n }\n }\n catch (e) {\n console.error('Error exchanging code for token:', e)\n }\n }\n}\n\nexport async function linkAccountWithTauri<const TAuth = unknown, P extends ProviderIds<TAuth> = ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined = undefined>(\n provider: P,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: PR,\n) {\n if (!isTauri())\n return\n\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n 
console.error('No session token found, cannot link account.')\n return\n }\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n params.set('token', token)\n if (profile)\n params.set('profile', String(profile))\n const resolvedBase = (() => {\n try {\n const u = new URL(baseUrl)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n const u = new URL(baseUrl, window.location.origin)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n return baseUrl\n }\n }\n return baseUrl\n }\n })()\n const linkUrl = `${resolvedBase}/link/${provider}?${params.toString()}`\n await openUrl(linkUrl)\n}\n\nexport async function startAuthBridge(\n baseUrl: string,\n scheme: string,\n onToken: (token: string) => Promise<void> | void,\n): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const unlisten = await setupTauriListener(async (url) => {\n handleTauriDeepLink(url, baseUrl, scheme, onToken)\n })\n return unlisten\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n\nexport async function generatePKCE() {\n if (!BROWSER || !window.crypto || !window.crypto.subtle)\n throw new Error('PKCE relies on window.crypto, which is not available in this environment.')\n\n function base64UrlEncode(array: Uint8Array): string {\n return btoa(String.fromCharCode(...array))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, 
'')\n }\n\n const verifierLength = 43\n const randomValues = new Uint8Array(verifierLength)\n window.crypto.getRandomValues(randomValues)\n const codeVerifier = base64UrlEncode(randomValues)\n\n const encoder = new TextEncoder()\n const data = encoder.encode(codeVerifier)\n const hash = await window.crypto.subtle.digest('SHA-256', data)\n const codeChallenge = base64UrlEncode(new Uint8Array(hash))\n\n return { codeVerifier, codeChallenge }\n}\n"],"mappings":";AACA,SAAS,WAAAA,gBAAe;;;ACDxB,SAAS,eAAe;AAEjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AACvC,aAAS,SAAS,uBAAuB,KAAK;AAAA,EAChD,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,WAAW;AACnC,aAAS,SAAS;AAAA,EACpB,QACM;AAAA,EAAC;AACT;AAEA,eAAsB,eAAe;AACnC,MAAI,CAAC,WAAW,CAAC,OAAO,UAAU,CAAC,OAAO,OAAO;AAC/C,UAAM,IAAI,MAAM,2EAA2E;AAE7F,WAAS,gBAAgB,OAA2B;AAClD,WAAO,KAAK,OAAO,aAAa,GAAG,KAAK,CAAC,EACtC,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AAAA,EACtB;AAEA,QAAM,iBAAiB;AACvB,QAAM,eAAe,IAAI,WAAW,cAAc;AAClD,SAAO,OAAO,gBAAgB,YAAY;AAC1C,QAAM,eAAe,gBAAgB,YAAY;AAEjD,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,OAAO,QAAQ,OAAO,YAAY;AACxC,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,OAAO,WAAW,IAAI;AAC9D,QAAM,gBAAgB,gBAAgB,IAAI,WAAW,IAAI,CAAC;AAE1D,SAAO,EAAE,cAAc,cAAc;AACvC;;;AD9CO,SAAS,UAAmB;AACjC,SAAOC,YAAW,yBAAyB;AAC7C;AAEA,SAAS,cAAc,SAAgC;AACrD,MAAI;AACF,WAAO,IAAI,IAAI,OAAO,EAAE;AAAA,EAC1B,QACM;AACJ,QAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,UAAI;AACF,eAAO,IAAI,IAAI,SAAS,OAAO,SAAS,MAAM,EAAE;AAAA,MAClD,QACM;AACJ,eAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,WAAS,oBAAoB,MAAsB;AACjD,QAAI;AACF,YAAM,IAAI,IAAI,IAAI,IAAI;AACtB,aAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,IACvC,QACM;AACJ,UAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,YAAI;AACF,gBAAM,IAAI,IAAI,IAAI,MAAM,OAAO,SAAS,MAAM;AAC9C,iBAAO,EAAE,SAAS,EAAE,QAAQ
,OAAO,EAAE;AAAA,QACvC,QACM;AACJ,iBAAO;AAAA,QACT;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA;AAEb,iBAAa,GAAG,MAAM;AAExB,QAAM,EAAE,cAAc,cAAc,IAAI,MAAM,aAAa;AAC3D,eAAa,QAAQ,qBAAqB,YAAY;AAEtD,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,MAAI;AACF,WAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,SAAO,IAAI,kBAAkB,aAAa;AAC1C,QAAM,eAAe,oBAAoB,OAAO;AAChD,QAAM,UAAU,GAAG,YAAY,IAAI,QAAQ,IAAI,OAAO,SAAS,CAAC;AAChE,QAAM,QAAQ,OAAO;AACvB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEA,eAAsB,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AACxH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,QAAM,aAAa,cAAc,OAAO;AACxC,MAAI,OAAO,aAAa,GAAG,MAAM,QAAQ,CAAC,cAAc,OAAO,WAAW;AACxE;AAEF,QAAM,cAAc,IAAI,gBAAgB,OAAO,MAAM;AACrD,QAAM,OAAO,YAAY,IAAI,MAAM;AACnC,MAAI,MAAM;AACR,UAAM,WAAW,aAAa,QAAQ,mBAAmB;AACzD,QAAI,CAAC,UAAU;AACb,cAAQ,MAAM,wBAAwB;AACtC;AAAA,IACF;AACA,iBAAa,WAAW,mBAAmB;AAE3C,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,GAAG,OAAO,UAAU;AAAA,QAC1C,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,EAAE,MAAM,cAAc,SAAS,CAAC;AAAA,MACvD,CAAC;AACD,UAAI,IAAI,IAAI;AACV,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,kBAAQ,KAAK,KAAK;AAAA,MACtB,OACK;AACH,gBAAQ,MAAM,mCAAmC;AAAA,MACnD;AAAA,IACF,SACO,GAAG;AACR,cAAQ,MAAM,oCAAoC,CAAC;AAAA,IACrD;AAAA,EACF;AACF;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA;AAEb,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,SAAO,IAAI,SAAS,KAAK;AACzB,MAAI;AACF,WAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,QAAM,gBAAgB,MAAM;AAC1B,QAAI;AACF,YAAM,IAAI,IAAI,IAAI,OAAO;AACzB,aAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,IACvC,QACM;AACJ,UAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,YAAI;AACF,gBAAM,IAA
I,IAAI,IAAI,SAAS,OAAO,SAAS,MAAM;AACjD,iBAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,QACvC,QACM;AACJ,iBAAO;AAAA,QACT;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,EACF,GAAG;AACH,QAAM,UAAU,GAAG,YAAY,SAAS,QAAQ,IAAI,OAAO,SAAS,CAAC;AACrE,QAAM,QAAQ,OAAO;AACvB;AAEA,eAAsB,gBACpB,SACA,QACA,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,WAAW,MAAM,mBAAmB,OAAO,QAAQ;AACvD,wBAAoB,KAAK,SAAS,QAAQ,OAAO;AAAA,EACnD,CAAC;AACD,SAAO;AACT;","names":["BROWSER","BROWSER"]}
|
package/dist/chunk-XUNWIMPF.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
import{createJWTSignatureMessage as e,encodeJWT as t,JWSRegisteredHeaders as r,JWTRegisteredClaims as n,parseJWT as o}from"@oslojs/jwt";import{parse as s,serialize as i}from"cookie";var a={path:"/",sameSite:"lax",secure:!0,httpOnly:!0};function l(e){const t=new Map;if(e){const r=s(e);for(const e in r)t.set(e,r[e])}return t}var c=class{constructor(e,t){this.requestCookies=e,this.defaultOptions=t}#e=[];get(e){return this.requestCookies.get(e)}set(e,t,r){const n={...this.defaultOptions,...r};this.#e.push([e,t,n])}delete(e,t){this.set(e,"",{...t,expires:new Date(0),maxAge:0})}toHeaders(){const e=new Headers;for(const[t,r,n]of this.#e)e.append("Set-Cookie",i(t,r,n));return e}},u="__gau-csrf-token",d="__gau-session-token",f="__gau-session-strategy",h="__gau-linking-token",p="__gau-pkce-code-verifier",g="__gau-callback-uri",w="__gau-provider-options",m="__gau-client-challenge",y=600;import{serialize as k}from"cookie";function v({adapter:e,providers:t,basePath:r="/api/auth",jwt:n={},session:o={},cookies:s={},onOAuthExchange:i,mapExternalProfile:l,onBeforeLinkAccount:c,onAfterLinkAccount:u,trustHosts:f=[],autoLink:h="verifiedEmail",allowDifferentEmails:p=!0,updateUserInfoOnLink:g=!1,roles:w={},cors:m=!0,profiles:y}){const{algorithm:v="ES256",secret:A,iss:S,aud:b,ttl:T=604800}=n,x={...a,...s},E=o.strategy??"auto";if("ES256"===v&&void 0!==A&&"string"!=typeof A)throw new N("For ES256, the secret option must be a string.");const U=new Map(t.map(e=>[e.id,e])),C=!1!==m&&{allowedOrigins:(!0===m?"all":m.allowedOrigins)??"all",allowCredentials:(!0===m||m.allowCredentials)??!0,allowedHeaders:(!0===m?void 0:m.allowedHeaders)??["Content-Type","Authorization","Cookie"],allowedMethods:(!0===m?void 0:m.allowedMethods)??["GET","POST","OPTIONS"],exposeHeaders:!0===m?void 0:m.exposeHeaders,maxAge:!0===m?void 0:m.maxAge},H=y??{},O={defaultRole:w.defaultRole??"user",resolveOnCreate:w.resolveOnCreate,adminRoles:w.adminRoles??["admin"],adminUserIds:w.adminUserIds??[]};async function 
I(e,t={}){return W(e,function(e={}){const t={ttl:e.ttl,iss:e.iss??S,aud:e.aud??b,sub:e.sub};if("HS256"===v)return{algorithm:v,secret:e.secret??A,...t};{if(void 0!==e.secret&&"string"!=typeof e.secret)throw new N("For ES256, the secret option must be a string.");const r=e.secret??A;return{algorithm:v,privateKey:e.privateKey,secret:r,...t}}}(t))}async function P(e,t={}){const r=function(e={}){const t={iss:e.iss??S,aud:e.aud??b};if("HS256"===v)return{algorithm:v,secret:e.secret??A,...t};{if(void 0!==e.secret&&"string"!=typeof e.secret)throw new N("For ES256, the secret option must be a string.");const r=e.secret??A;return{algorithm:v,publicKey:e.publicKey,secret:r,...t}}}(t);try{return await K(e,r)}catch{return null}}async function L(e,t={},r=T){return I({sub:e,...t},{ttl:r})}async function M(e,t={}){const{data:r={},ttl:n=T}=t,o=await L(e,r,n),s={...x,maxAge:n};return{token:o,cookie:k(d,o,s),cookieName:d,maxAge:n}}return{...e,providerMap:U,basePath:r,cookieOptions:x,jwt:{ttl:T},onOAuthExchange:i,mapExternalProfile:l,onBeforeLinkAccount:c,onAfterLinkAccount:u,signJWT:I,verifyJWT:P,createSession:L,validateSession:async function(t){const r=await P(t);if(!r)return null;const n=await e.getUserAndAccounts(r.sub);if(!n)return null;const{user:o,accounts:s}=n,i=Boolean(o&&(o.role&&O.adminRoles.includes(o.role)||O.adminUserIds.length>0&&O.adminUserIds.includes(o.id)));return{user:o?{...o,isAdmin:i}:null,session:{id:t,...r},accounts:s}},issueSession:M,refreshSession:async function(t,r={}){const n=await P(t);if(!n||!n.sub)return null;if(null!=r.threshold&&r.threshold>0&&r.threshold<1){const{iat:e}=n;if(e){if(Math.floor(Date.now()/1e3)-e<(r.ttl??T)*r.threshold)return null}}if(!await e.getUser(n.sub))return null;const{sub:o,iat:s,exp:i,iss:a,aud:l,nbf:c,jti:u,...d}=n;return M(n.sub,{data:d,ttl:r.ttl})},getAccessToken:async function(t,r){const n=U.get(r);if(!n)return null;const o=(await e.getAccounts(t)).find(e=>e.provider===r);if(!o||!o.accessToken)return null;const 
s=Math.floor(Date.now()/1e3);if(!("number"==typeof o.expiresAt&&o.expiresAt<=s))return{accessToken:o.accessToken,expiresAt:o.expiresAt??null};if(!o.refreshToken||!n.refreshAccessToken)return null;try{const r=await n.refreshAccessToken(o.refreshToken,{}),s={userId:t,provider:o.provider,providerAccountId:o.providerAccountId,accessToken:r.accessToken??o.accessToken,refreshToken:r.refreshToken??o.refreshToken,expiresAt:r.expiresAt??null,idToken:r.idToken??o.idToken??null,tokenType:r.tokenType??o.tokenType??null,scope:r.scope??o.scope??null};return await(e.updateAccount?.(s)),{accessToken:s.accessToken,expiresAt:s.expiresAt}}catch{return null}},trustHosts:f,autoLink:h,allowDifferentEmails:p,profiles:H,updateUserInfoOnLink:g,sessionStrategy:E,development:!1,roles:O,cors:C}}async function A(e,t){if(e&&"function"==typeof e.onAfterLinkAccount)try{await e.onAfterLinkAccount(t)}catch(e){console.error("onAfterLinkAccount hook error:",e)}}async function S(e,t,r){const n=t.providerMap.get(r);if(!n)return _({error:"Provider not found"},{status:400});const o=new URL(e.url),s=o.searchParams.get("code"),i=o.searchParams.get("state");if(!s||!i)return _({error:"Missing code or state"},{status:400});const a=l(e.headers.get("Cookie")),f=new c(a,t.cookieOptions);let y,k="/";if(i.includes(".")){const[e,t]=i.split(".");y=e;try{k=atob(t??"")||"/"}catch{k="/"}}else y=i;const v=f.get(u);if(!v||v!==y)return _({error:"Invalid CSRF token"},{status:403});const S=f.get(p);if(!S)return _({error:"Missing PKCE code verifier"},{status:400});const b=f.get(g),T=f.get(w);let x;if(T)try{const e=atob(T),t=JSON.parse(e);x=t?.overrides}catch{}const E=f.get(h);E&&f.delete(h);const U=!!E;if(U){if(!await t.validateSession(E)){f.delete(u),f.delete(p),b&&f.delete(g),f.delete(w);const e=F(k);return f.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}}const{user:C,tokens:H}=await n.validateCallback(s,S,b??void 0,x);{const n=U?await t.validateSession(E):null,o=await async function(e,t){if(!e||"function"!=typeof 
e.onOAuthExchange)return{handled:!1};try{const r=await e.onOAuthExchange(t);return r&&"object"==typeof r?r:{handled:!1}}catch(e){return console.error("onOAuthExchange hook error:",e),{handled:!1}}}(t,{request:e,providerId:r,state:i,code:s,codeVerifier:S,callbackUri:b,redirectTo:k,cookies:f,providerUser:C,tokens:H,isLinking:U,sessionUserId:n?.user?.id});if(o.handled){f.delete(u),f.delete(p),b&&f.delete(g),f.delete(w);const e=o.response;return f.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}}const O=await async function(e,t){if(!e||"function"!=typeof e.mapExternalProfile)return t.providerUser;try{const r=await e.mapExternalProfile(t);return r?{...t.providerUser,...r}:t.providerUser}catch(e){return console.error("mapExternalProfile hook error:",e),t.providerUser}}(t,{request:e,providerId:r,providerUser:C,tokens:H,isLinking:U});if(!U&&!0===t.providerMap.get(r)?.linkOnly){f.delete(u),f.delete(p),b&&f.delete(g),f.delete(w);const e=_({error:"Sign-in with this provider is disabled. Please link it to an existing account."},{status:400});return f.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}let I=null;const P=await t.getUserByAccount(r,O.id);if(U){if(I=(await t.validateSession(E)).user,!I)return _({error:"User not found"},{status:404});if(P&&P.id!==I.id)return _({error:"Account already linked to another user"},{status:409});if(!1===t.allowDifferentEmails){const e=I.email,t=O.email;if(e&&t&&e!==t)return _({error:"Email mismatch between existing account and provider"},{status:400})}if(I){const e={id:I.id};let r=!1;if(t.updateUserInfoOnLink?(O.name&&O.name!==I.name&&(e.name=O.name,r=!0),O.avatar&&O.avatar!==I.image&&(e.image=O.avatar,r=!0)):(!I.name&&O.name&&(e.name=O.name,r=!0),!I.image&&O.avatar&&(e.image=O.avatar,r=!0)),I.email&&O.email&&I.email===O.email&&!0===O.emailVerified&&(!I.emailVerified||t.updateUserInfoOnLink)&&(e.emailVerified=!0,r=!0),r)try{I=await t.updateUser(e)}catch(e){console.error("Failed to update user info on link:",e)}}}else I=P;if(!I){const 
n=t.autoLink??"verifiedEmail";if(O.email&&("always"===n||"verifiedEmail"===n&&!0===O.emailVerified)){const e=await t.getUserByEmail(O.email);e&&(I=O.emailVerified&&!e.emailVerified?await t.updateUser({id:e.id,emailVerified:!0}):e)}if(!I)try{if(O.email&&!0===O.emailVerified&&!1===t.autoLink){if(await t.getUserByEmail(O.email))return _({error:"An account with this email already exists. Sign in with the existing method or link the provider."},{status:409})}let n;try{n=t.roles.resolveOnCreate?.({providerId:r,profile:O,request:e})}catch(e){console.error("roles.resolveOnCreate threw:",e)}const o=!0===O.emailVerified?O.email:null;I=await t.createUser({name:O.name,email:o,image:O.avatar,emailVerified:O.emailVerified,role:n??t.roles.defaultRole})}catch(e){return console.error("Failed to create user:",e),_({error:"Failed to create user"},{status:500})}}if(I&&O.email){const{email:e,emailVerified:r}=I,{email:n,emailVerified:o}=O,s={id:I.id};let i=!1;if(e||!0!==o?e!==n||!0!==o||r||(s.emailVerified=!0,i=!0):(s.email=n,s.emailVerified=!0,i=!0),i)try{I=await t.updateUser(s)}catch(e){console.error("Failed to update user after sign-in:",e)}}if(P)try{const n=(await t.getAccounts(I.id)).find(e=>e.provider===r&&e.providerAccountId===O.id);if(n&&t.updateAccount){let o,s,i,a;try{o=H.refreshToken()}catch{o=n.refreshToken??null}try{const e=H.accessTokenExpiresAt();e&&(s=Math.floor(e.getTime()/1e3))}catch{s=n.expiresAt??void 0}try{i=H.idToken()}catch{i=n.idToken??null}try{a=H.scopes()?.join(" ")??n.scope??null}catch{a=n.scope??null}await t.updateAccount({userId:I.id,provider:r,providerAccountId:O.id,accessToken:H.accessToken()??n.accessToken??void 0,refreshToken:o,expiresAt:s??n.expiresAt??void 0,tokenType:H.tokenType?.()??n.tokenType??null,scope:a,idToken:i}),await A(t,{request:e,providerId:r,userId:I.id,providerUser:O,tokens:H,action:"update"})}}catch(e){console.error("Failed to update account tokens on sign-in:",e)}else{let n,o,s;try{n=H.refreshToken()}catch{n=null}try{const 
e=H.accessTokenExpiresAt();e&&(o=Math.floor(e.getTime()/1e3))}catch{}try{s=H.idToken()}catch{s=null}{const n=await async function(e,t){if(!e||"function"!=typeof e.onBeforeLinkAccount)return{allow:!0};try{return await e.onBeforeLinkAccount(t)||{allow:!0}}catch(e){return console.error("onBeforeLinkAccount hook error:",e),{allow:!0}}}(t,{request:e,providerId:r,userId:I.id,providerUser:O,tokens:H});if(!1===n.allow){const e=n.response??_({error:"Linking not allowed"},{status:403});return f.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}}try{let i;try{i=H.scopes()?.join(" ")??null}catch{i=null}await t.linkAccount({userId:I.id,provider:r,providerAccountId:O.id,accessToken:H.accessToken(),refreshToken:n,expiresAt:o,tokenType:H.tokenType?.()??null,scope:i,idToken:s}),await A(t,{request:e,providerId:r,userId:I.id,providerUser:O,tokens:H,action:"link"})}catch(e){return console.error("Error linking account:",e),_({error:"Failed to link account"},{status:500})}}const L=await t.createSession(I.id),M=new URL(e.url),R=new URL(k,e.url),j="token"===t.sessionStrategy,V="cookie"===t.sessionStrategy,N="http:"!==R.protocol&&"https:"!==R.protocol,J=M.host!==R.host;if(j||!V&&(N||J)){const e=new URL(R),r=f.get(m);if(!r)return _({error:"Missing PKCE challenge"},{status:400});{const n=await t.signJWT({sub:I.id,challenge:r},{ttl:60});e.searchParams.set("code",n)}const n=`<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta charset="utf-8" />\n <title>Authentication Complete</title>\n <style>\n body {\n font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";\n background-color: #09090b;\n color: #fafafa;\n display: flex;\n justify-content: center;\n align-items: center;\n height: 100vh;\n margin: 0;\n text-align: center;\n }\n .card {\n background-color: #18181b;\n border: 1px solid #27272a;\n border-radius: 0.75rem;\n padding: 
2rem;\n max-width: 320px;\n }\n h1 {\n font-size: 1.25rem;\n font-weight: 600;\n margin: 0 0 0.5rem;\n }\n p {\n margin: 0;\n color: #a1a1aa;\n }\n </style>\n <script>\n window.onload = function() {\n const url = ${JSON.stringify(e.toString())};\n window.location.href = url;\n setTimeout(window.close, 500);\n };\n <\/script>\n</head>\n<body>\n <div class="card">\n <h1>Authentication Successful</h1>\n <p>You can now close this window.</p>\n </div>\n</body>\n</html>`;f.delete(u),f.delete(p),b&&f.delete(g),f.delete(w),f.delete(m);const o=new Response(n,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return f.toHeaders().forEach((e,t)=>{o.headers.append(t,e)}),o}f.set(d,L,{maxAge:t.jwt.ttl,sameSite:t.development?"lax":"none",secure:!t.development}),f.delete(u),f.delete(p),b&&f.delete(g),f.delete(w);let W;if("false"===o.searchParams.get("redirect")){const e=await t.getAccounts(I.id),r=Boolean(I.role&&t.roles.adminRoles.includes(I.role)||t.roles.adminUserIds.includes(I.id));W=_({user:{...I,isAdmin:r,accounts:e}})}else W=F(k);return f.toHeaders().forEach((e,t)=>{W.headers.append(t,e)}),W}function b(e,t){if(!1===t.cors)return!1;const r=t.cors;if("all"===r.allowedOrigins)return!0;if("trust"===r.allowedOrigins){if("all"===t.trustHosts)return!0;try{const r=new URL(e);return t.trustHosts.includes(r.host)||t.trustHosts.includes(r.hostname)}catch{return!1}}if(r.allowedOrigins.includes("*"))return!0;try{const t=new URL(e);return r.allowedOrigins.includes(e)||r.allowedOrigins.includes(t.origin)||r.allowedOrigins.includes(t.host)||r.allowedOrigins.includes(t.hostname)}catch{return r.allowedOrigins.includes(e)}}function T(e,t,r){if(!1===r.cors)return t;const n=e.headers.get("Origin")||e.headers.get("origin");if(!n)return t;if(!b(n,r))return t;const o=r.cors;t.headers.set("Vary","Origin");const s=o.allowCredentials,i="all"!==o.allowedOrigins||s?n:"*";return 
t.headers.set("Access-Control-Allow-Origin",i),s&&t.headers.set("Access-Control-Allow-Credentials","true"),t.headers.set("Access-Control-Allow-Headers",o.allowedHeaders.join(", ")),t.headers.set("Access-Control-Allow-Methods",o.allowedMethods.join(", ")),o.exposeHeaders?.length&&t.headers.set("Access-Control-Expose-Headers",o.exposeHeaders.join(", ")),t}function x(e,t){if(!1===t.cors)return new Response(null,{status:204});const r=e.headers.get("Origin")||e.headers.get("origin"),n=t.cors,o={};if(r&&b(r,t)){const e=n.allowCredentials,t="all"!==n.allowedOrigins||e?r:"*";o["Access-Control-Allow-Origin"]=t,e&&(o["Access-Control-Allow-Credentials"]="true")}return o["Access-Control-Allow-Headers"]=n.allowedHeaders.join(", "),o["Access-Control-Allow-Methods"]=n.allowedMethods.join(", "),null!=n.maxAge&&(o["Access-Control-Max-Age"]=String(n.maxAge)),n.exposeHeaders?.length&&(o["Access-Control-Expose-Headers"]=n.exposeHeaders.join(", ")),new Response(null,{status:204,headers:o})}import{generateCodeVerifier as E,generateState as U}from"arctic";function C(e,t,r){if("all"===t)return!0;const n=e.headers.get("origin");if(!n)return!1;let o;try{o=new URL(n).host}catch{return!1}if(r){if(o.startsWith("localhost")||o.startsWith("127.0.0.1"))return!0}const s=new URL(e.url),i=s.host;return n===`${s.protocol}//${i}`||t.includes(o)}async function H(e,t,r,n){const o=t.providerMap.get(r);if(!o)return _({error:"Provider not found"},{status:400});const{state:s,codeVerifier:i}={state:U(),codeVerifier:E()},a=new URL(e.url),d=a.searchParams.get("redirectTo"),f=a.searchParams.get("profile"),y=a.searchParams.get("prompt");if(d){let r;try{if(d.startsWith("//"))throw new Error("Protocol-relative URL not allowed");r=new URL(d,a.origin)}catch{return _({error:'Invalid "redirectTo" URL'},{status:400})}const n=r.host,o=n===new URL(e.url).host,s="all"===t.trustHosts||t.trustHosts.includes(n);if(("http:"===r.protocol||"https:"===r.protocol)&&!o&&!s)return _({error:"Untrusted redirect 
host"},{status:400})}const k=d?`${s}.${btoa(d)}`:s;let v,A,S,b,T=a.searchParams.get("callbackUri");if(!T&&o.requiresRedirectUri&&(T=`${a.origin}${t.basePath}/callback/${r}`),f){const e=(t.profiles?.[r]??{})[f];if(!e)return _({error:`Unknown profile "${f}" for provider "${r}"`},{status:400});e.redirectUri&&(T=e.redirectUri),e.scopes&&(v=e.scopes),e.params&&(A={...e.params??{}});const{tenant:o,prompt:s}=e;if(null==o&&null==s||(S={...S??{},tenant:o,prompt:s}),!n&&!0===e.linkOnly)return _({error:"This profile is link-only. Please link it to an existing account."},{status:400})}if(y&&(A={...A??{},prompt:y}),!n&&!0===o.linkOnly)return _({error:"Sign-in with this provider is disabled. Please link it to an existing account."},{status:400});try{b=await o.getAuthorizationUrl(k,i,{redirectUri:T??void 0,scopes:v,params:A,overrides:S})}catch(e){console.error("Error getting authorization URL:",e),b=null}if(!b)return _({error:"Could not create authorization URL"},{status:500});const x=l(e.headers.get("Cookie")),C=new c(x,t.cookieOptions),H={maxAge:600,sameSite:t.development?"lax":"none",secure:!t.development};C.set(u,s,H),C.set(p,i,H),n?C.set(h,n,H):C.delete(h,{sameSite:t.development?"lax":"none",secure:!t.development}),T&&C.set(g,T,H);const O=JSON.stringify({params:A??{},overrides:S??{}});C.set(w,btoa(O),H);const I=a.searchParams.get("code_challenge");I&&C.set(m,I,H);if("false"===a.searchParams.get("redirect")){const e=_({url:b.toString()});return C.toHeaders().forEach((t,r)=>{e.headers.append(r,t)}),e}const P=F(b.toString());return C.toHeaders().forEach((e,t)=>{P.headers.append(t,e)}),P}async function O(e,t,r){const n=new URL(e.url);let o=l(e.headers.get("Cookie")).get(d);if(!o){const t=e.headers.get("Authorization");t?.startsWith("Bearer ")&&(o=t.substring(7))}if(o||(o=n.searchParams.get("token")??void 0),!o)return _({error:"Unauthorized"},{status:401});if(!await t.validateSession(o))return _({error:"Unauthorized"},{status:401});n.searchParams.delete("token");return H(new 
Request(n.toString(),e),t,r,o)}async function I(e,t,r){let n=l(e.headers.get("Cookie")).get(d);if(!n){const t=e.headers.get("Authorization");t?.startsWith("Bearer ")&&(n=t.substring(7))}if(!n)return _({error:"Unauthorized"},{status:401});const o=await t.validateSession(n);if(!o||!o.user)return _({error:"Unauthorized"},{status:401});const s=o.accounts??[];if(s.length<=1)return _({error:"Cannot unlink the last account"},{status:400});const i=s.find(e=>e.provider===r);if(!i)return _({error:`Provider "${r}" not linked to this account`},{status:400});await t.unlinkAccount(r,i.providerAccountId);if((await t.getAccounts(o.user.id)).length>0&&o.user.email)try{await t.updateUser({id:o.user.id,email:null,emailVerified:!1})}catch(e){console.error("Failed to clear stale email after unlinking:",e)}return _({message:"Account unlinked successfully"})}async function P(e,t,r){return H(e,t,r,null)}async function L(e,t){const r=l(e.headers.get("Cookie")),n=new c(r,t.cookieOptions);n.delete(d,{sameSite:t.development?"lax":"none",secure:!t.development}),n.delete(h,{sameSite:t.development?"lax":"none",secure:!t.development});const o=_({message:"Signed out"});return n.toHeaders().forEach((e,t)=>{o.headers.append(t,e)}),o}async function M(e,t){let r=l(e.headers.get("Cookie")).get(d);if(!r){const t=e.headers.get("Authorization");t?.startsWith("Bearer ")&&(r=t.substring(7))}const n=Array.from(t.providerMap.keys());if(!r)return _({...V,providers:n});try{const e=await t.validateSession(r);return e?_({...e,providers:n}):_({...V,providers:n},{status:401})}catch(e){return console.error("Error validating session:",e),_({error:"Failed to validate session"},{status:500})}}async function R(e,t){if("POST"!==e.method)return _({error:"Method not allowed"},{status:405});let r;try{r=await e.json()}catch{return _({error:"Invalid JSON body"},{status:400})}const{code:n,codeVerifier:o}=r;if(!n||!o)return _({error:"Missing code or codeVerifier"},{status:400});const s=await t.verifyJWT(n);if(!s)return 
_({error:"Invalid or expired code"},{status:400});const{sub:i,challenge:a}=s,l=(new TextEncoder).encode(o),c=await crypto.subtle.digest("SHA-256",l),u=Array.from(new Uint8Array(c));if(a!==btoa(String.fromCharCode(...u)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""))return _({error:"Invalid code verifier"},{status:400});return _({token:await t.createSession(i)})}function j(e){const{basePath:t}=e;return async function(r){if("OPTIONS"===r.method)return x(r,e);const n=new URL(r.url);if(!n.pathname.startsWith(t))return T(r,_({error:"Not Found"},{status:404}),e);if("POST"===r.method&&!C(r,e.trustHosts,e.development)){if(e.development){const t=r.headers.get("origin")??"N/A";return T(r,_({error:"Forbidden",message:`Untrusted origin: '${t}'. Add this origin to 'trustHosts' in createAuth() or ensure you are using 'localhost' or '127.0.0.1' for development.`},{status:403}),e)}return T(r,_({error:"Forbidden"},{status:403}),e)}const o=n.pathname.substring(t.length).split("/").filter(Boolean),s=o[0];if(!s)return T(r,_({error:"Not Found"},{status:404}),e);let i;i="GET"===r.method?"session"===s?await M(r,e):2===o.length&&"link"===o[0]?await O(r,e,o[1]):2===o.length&&"callback"===o[0]?await S(r,e,o[1]):1===o.length?await P(r,e,s):_({error:"Not Found"},{status:404}):"POST"===r.method?1===o.length&&"signout"===s?await L(r,e):1===o.length&&"token"===s?await R(r,e):2===o.length&&"unlink"===o[0]?await I(r,e,o[1]):_({error:"Not Found"},{status:404}):_({error:"Method Not Allowed"},{status:405});try{i.headers.set("Cache-Control","no-store, private"),i.headers.set("Pragma","no-cache"),i.headers.set("Expires","0")}catch{}return T(r,i,e)}}var V={user:null,session:null,accounts:null},N=class extends Error{cause;constructor(e,t){super(e),this.name="AuthError",this.cause=t}};function _(e,t={}){const r=new Headers(t.headers);return r.has("Content-Type")||r.set("Content-Type","application/json; charset=utf-8"),new Response(JSON.stringify(e),{...t,headers:r})}function F(e,t=302){return 
new Response(null,{status:t,headers:{Location:e}})}async function J(e){try{const t=function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"=");try{const e=atob(n),t=e.length,r=new Uint8Array(t);for(let n=0;n<t;n++)r[n]=e.charCodeAt(n);return r}catch{throw new N("Invalid base64url string")}}(e),r=await crypto.subtle.importKey("pkcs8",t.slice(),{name:"ECDSA",namedCurve:"P-256"},!0,["sign"]),n=await crypto.subtle.exportKey("jwk",r);delete n.d,n.key_ops=["verify"];return{privateKey:r,publicKey:await crypto.subtle.importKey("jwk",n,{name:"ECDSA",namedCurve:"P-256"},!0,["verify"])}}catch(e){if(e instanceof N)throw e;throw new N("Invalid secret. Must be a base64url-encoded PKCS#8 private key for ES256. Use `bunx gau secret` to generate one.",e)}}async function W(r,n={}){let{algorithm:o="ES256",ttl:s,iss:i,aud:a,sub:l,privateKey:c,secret:u}=n;if("ES256"===o){if(!c){if("string"!=typeof u)throw new N("Missing secret for ES256 signing. It must be a base64url-encoded string.");({privateKey:c}=await J(u))}}else if("HS256"===o&&!u)throw new N("Missing secret for HS256 signing");const d=Math.floor(Date.now()/1e3),f={iat:d,iss:i,aud:a,sub:l,...r};null!=s&&s>0&&(f.exp=d+s);const h="HS256"===o,p=h?"HS256":"ES256",g=JSON.stringify({alg:p,typ:"JWT"}),w=JSON.stringify(f),m=e(g,w);let y;if(h){const e="string"==typeof u?(new TextEncoder).encode(u):u,t=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign"]);y=new Uint8Array(await crypto.subtle.sign("HMAC",t,m))}else y=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},c,m));return t(g,w,y)}async function K(e,t){let{algorithm:s="ES256",publicKey:i,secret:a,iss:l,aud:c}=t;if("ES256"===s&&!i){if("string"!=typeof a)throw new N("Missing secret for ES256 verification. 
Must be a base64url-encoded string.");({publicKey:i}=await J(a))}if("HS256"===s&&!a)throw new N("Missing secret for HS256 verification");const[u,d,f,h]=o(e),p=new r(u).algorithm();let g=!1;if("HS256"===s){if("HS256"!==p)throw new Error(`JWT algorithm is "${p}", but verifier was configured for "HS256"`);const e="string"==typeof a?(new TextEncoder).encode(a):a,t=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign"]);g=function(e,t){let r=e.length^t.length;const n=Math.max(e.length,t.length);for(let o=0;o<n;o++)r|=(e[o]??0)^(t[o]??0);return 0===r}(new Uint8Array(await crypto.subtle.sign("HMAC",t,h)),new Uint8Array(f))}else{if("ES256"!==p)throw new N(`JWT algorithm is "${p}", but verifier was configured for "ES256"`);const e=new Uint8Array(f);if(g=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,e,h),!g&&64===e.length)try{const t=function(e){if(64!==e.length)throw new Error("Invalid raw signature length");let t=e.slice(0,32),r=e.slice(32),n=0;for(;n<t.length-1&&0===t[n];)n++;t=t.slice(n);let o=0;for(;o<r.length-1&&0===r[o];)o++;if(r=r.slice(o),t.length>0&&128&t[0]){const e=new Uint8Array(t.length+1);e[0]=0,e.set(t,1),t=e}if(r.length>0&&128&r[0]){const e=new Uint8Array(r.length+1);e[0]=0,e.set(r,1),r=e}const s=t.length,i=r.length,a=2+s+2+i,l=new Uint8Array(2+a);return l[0]=48,l[1]=a,l[2]=2,l[3]=s,l.set(t,4),l[4+s]=2,l[5+s]=i,l.set(r,6+s),l}(e);g=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,t,h)}catch{g=!1}}if(!g)throw new N("Invalid JWT signature");const w=new n(d);if(w.hasExpiration()&&!w.verifyExpiration())throw new N("JWT expired");if(w.hasNotBefore()&&!w.verifyNotBefore())throw new N("JWT not yet valid");if(l&&d.iss!==l)throw new N("Invalid JWT issuer");if(c){const e=Array.isArray(c)?c:[c],t=d.aud?Array.isArray(d.aud)?d.aud:[d.aud]:[];if(!e.some(e=>t.includes(e)))throw new N("Invalid JWT audience")}return d}export{a as DEFAULT_COOKIE_SERIALIZE_OPTIONS,l as parseCookies,c as Cookies,u as CSRF_COOKIE_NAME,d as 
SESSION_COOKIE_NAME,f as SESSION_STRATEGY_COOKIE_NAME,h as LINKING_TOKEN_COOKIE_NAME,p as PKCE_COOKIE_NAME,g as CALLBACK_URI_COOKIE_NAME,w as PROVIDER_OPTIONS_COOKIE_NAME,m as CLIENT_CHALLENGE_COOKIE_NAME,y as CSRF_MAX_AGE,W as sign,K as verify,v as createAuth,S as handleCallback,T as applyCors,x as handlePreflight,C as verifyRequestOrigin,O as handleLink,I as handleUnlink,P as handleSignIn,L as handleSignOut,M as handleSession,R as handleToken,j as createHandler,V as NULL_SESSION,N as AuthError,_ as json,F as redirect};//# sourceMappingURL=chunk-XUNWIMPF.js.map
|