@rttnd/gau 1.4.0-beta.2 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-KG42TKDW.js → chunk-5KEP3AIT.js} +1 -1
- package/dist/chunk-5KEP3AIT.js.map +1 -0
- package/dist/chunk-H7HMOWU7.js +1 -0
- package/dist/chunk-H7HMOWU7.js.map +1 -0
- package/dist/client/svelte/index.svelte.d.ts.map +1 -0
- package/dist/src/adapters/drizzle/index.d.ts.map +1 -0
- package/dist/src/adapters/drizzle/mysql.d.ts.map +1 -0
- package/dist/src/adapters/drizzle/pg.d.ts.map +1 -0
- package/dist/src/adapters/drizzle/sqlite.d.ts.map +1 -0
- package/dist/src/adapters/drizzle/transaction.d.ts.map +1 -0
- package/dist/src/adapters/index.d.ts.map +1 -0
- package/dist/src/adapters/memory/index.d.ts.map +1 -0
- package/dist/src/{src/cli → cli}/index.d.ts.map +1 -1
- package/dist/src/client/solid/Protected.d.ts.map +1 -1
- package/dist/src/client/solid/index.jsx +13 -7
- package/dist/src/client/svelte/index.svelte.js +1 -1
- package/dist/src/client/svelte/index.svelte.js.map +1 -1
- package/dist/src/core/cookies.d.ts +1 -0
- package/dist/src/core/cookies.d.ts.map +1 -1
- package/dist/src/core/createAuth.d.ts +69 -14
- package/dist/src/core/createAuth.d.ts.map +1 -1
- package/dist/src/core/errors.d.ts +4 -60
- package/dist/src/core/errors.d.ts.map +1 -1
- package/dist/src/core/handler.d.ts.map +1 -1
- package/dist/src/core/handlers/callback.d.ts.map +1 -1
- package/dist/src/core/handlers/index.js +1 -1
- package/dist/src/core/index.d.ts +5 -1
- package/dist/src/core/index.d.ts.map +1 -1
- package/dist/src/core/index.js +1 -1
- package/dist/src/core/templates.d.ts +0 -19
- package/dist/src/core/templates.d.ts.map +1 -1
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +1 -1
- package/dist/src/jwt/index.js +1 -1
- package/dist/src/runtimes/index.d.ts.map +1 -0
- package/dist/src/solidstart/index.d.ts.map +1 -0
- package/dist/src/solidstart/index.js +1 -1
- package/dist/src/solidstart/index.js.map +1 -1
- package/dist/src/sveltekit/index.d.ts.map +1 -0
- package/dist/src/sveltekit/index.js +1 -1
- package/dist/src/sveltekit/index.js.map +1 -1
- package/dist/templates-WVHIDNMP.js +1 -0
- package/package.json +1 -1
- package/dist/chunk-KG42TKDW.js.map +0 -1
- package/dist/chunk-QVJADO4S.js +0 -1
- package/dist/chunk-QVJADO4S.js.map +0 -1
- package/dist/src/client/svelte/index.svelte.d.ts.map +0 -1
- package/dist/src/src/adapters/drizzle/index.d.ts.map +0 -1
- package/dist/src/src/adapters/drizzle/mysql.d.ts.map +0 -1
- package/dist/src/src/adapters/drizzle/pg.d.ts.map +0 -1
- package/dist/src/src/adapters/drizzle/sqlite.d.ts.map +0 -1
- package/dist/src/src/adapters/drizzle/transaction.d.ts.map +0 -1
- package/dist/src/src/adapters/index.d.ts.map +0 -1
- package/dist/src/src/adapters/memory/index.d.ts.map +0 -1
- package/dist/src/src/client/token.d.ts +0 -11
- package/dist/src/src/client/token.d.ts.map +0 -1
- package/dist/src/src/core/cookies.d.ts +0 -24
- package/dist/src/src/core/cookies.d.ts.map +0 -1
- package/dist/src/src/core/createAuth.d.ts +0 -308
- package/dist/src/src/core/createAuth.d.ts.map +0 -1
- package/dist/src/src/core/errors.d.ts +0 -133
- package/dist/src/src/core/errors.d.ts.map +0 -1
- package/dist/src/src/core/handler.d.ts +0 -3
- package/dist/src/src/core/handler.d.ts.map +0 -1
- package/dist/src/src/core/handlers/callback.d.ts +0 -3
- package/dist/src/src/core/handlers/callback.d.ts.map +0 -1
- package/dist/src/src/core/handlers/cors.d.ts +0 -4
- package/dist/src/src/core/handlers/cors.d.ts.map +0 -1
- package/dist/src/src/core/handlers/index.d.ts +0 -8
- package/dist/src/src/core/handlers/index.d.ts.map +0 -1
- package/dist/src/src/core/handlers/link.d.ts +0 -4
- package/dist/src/src/core/handlers/link.d.ts.map +0 -1
- package/dist/src/src/core/handlers/login.d.ts +0 -4
- package/dist/src/src/core/handlers/login.d.ts.map +0 -1
- package/dist/src/src/core/handlers/session.d.ts +0 -3
- package/dist/src/src/core/handlers/session.d.ts.map +0 -1
- package/dist/src/src/core/handlers/token.d.ts +0 -3
- package/dist/src/src/core/handlers/token.d.ts.map +0 -1
- package/dist/src/src/core/handlers/utils.d.ts +0 -4
- package/dist/src/src/core/handlers/utils.d.ts.map +0 -1
- package/dist/src/src/core/hooks.d.ts +0 -50
- package/dist/src/src/core/hooks.d.ts.map +0 -1
- package/dist/src/src/core/index.d.ts +0 -98
- package/dist/src/src/core/index.d.ts.map +0 -1
- package/dist/src/src/core/templates.d.ts +0 -60
- package/dist/src/src/core/templates.d.ts.map +0 -1
- package/dist/src/src/core/utils.d.ts +0 -10
- package/dist/src/src/core/utils.d.ts.map +0 -1
- package/dist/src/src/index.d.ts.map +0 -1
- package/dist/src/src/jwt/index.d.ts +0 -2
- package/dist/src/src/jwt/index.d.ts.map +0 -1
- package/dist/src/src/jwt/jwt.d.ts +0 -48
- package/dist/src/src/jwt/jwt.d.ts.map +0 -1
- package/dist/src/src/jwt/utils.d.ts +0 -10
- package/dist/src/src/jwt/utils.d.ts.map +0 -1
- package/dist/src/src/oauth/index.d.ts +0 -52
- package/dist/src/src/oauth/index.d.ts.map +0 -1
- package/dist/src/src/oauth/providers/discord.d.ts +0 -3
- package/dist/src/src/oauth/providers/discord.d.ts.map +0 -1
- package/dist/src/src/oauth/providers/facebook.d.ts +0 -3
- package/dist/src/src/oauth/providers/facebook.d.ts.map +0 -1
- package/dist/src/src/oauth/providers/github.d.ts +0 -3
- package/dist/src/src/oauth/providers/github.d.ts.map +0 -1
- package/dist/src/src/oauth/providers/google.d.ts +0 -3
- package/dist/src/src/oauth/providers/google.d.ts.map +0 -1
- package/dist/src/src/oauth/providers/microsoft.d.ts +0 -8
- package/dist/src/src/oauth/providers/microsoft.d.ts.map +0 -1
- package/dist/src/src/oauth/utils.d.ts +0 -5
- package/dist/src/src/oauth/utils.d.ts.map +0 -1
- package/dist/src/src/runtimes/index.d.ts.map +0 -1
- package/dist/src/src/runtimes/tauri/index.d.ts +0 -8
- package/dist/src/src/runtimes/tauri/index.d.ts.map +0 -1
- package/dist/src/src/solidstart/index.d.ts.map +0 -1
- package/dist/src/src/sveltekit/index.d.ts.map +0 -1
- package/dist/templates-GI62CXWR.js +0 -1
- /package/dist/{src/client → client}/svelte/index.svelte.d.ts +0 -0
- /package/dist/src/{src/adapters → adapters}/drizzle/index.d.ts +0 -0
- /package/dist/src/{src/adapters → adapters}/drizzle/mysql.d.ts +0 -0
- /package/dist/src/{src/adapters → adapters}/drizzle/pg.d.ts +0 -0
- /package/dist/src/{src/adapters → adapters}/drizzle/sqlite.d.ts +0 -0
- /package/dist/src/{src/adapters → adapters}/drizzle/transaction.d.ts +0 -0
- /package/dist/src/{src/adapters → adapters}/index.d.ts +0 -0
- /package/dist/src/{src/adapters → adapters}/memory/index.d.ts +0 -0
- /package/dist/src/{src/cli → cli}/index.d.ts +0 -0
- /package/dist/src/{src/index.d.ts → index.d.ts} +0 -0
- /package/dist/src/{src/runtimes → runtimes}/index.d.ts +0 -0
- /package/dist/src/{src/solidstart → solidstart}/index.d.ts +0 -0
- /package/dist/src/{src/sveltekit → sveltekit}/index.d.ts +0 -0
- /package/dist/{templates-GI62CXWR.js.map → templates-WVHIDNMP.js.map} +0 -0
|
@@ -3,8 +3,8 @@ import type { SerializeOptions } from 'cookie';
|
|
|
3
3
|
import type { SignOptions, VerifyOptions } from '../jwt';
|
|
4
4
|
import type { AuthUser, OAuthProvider, OAuthProviderConfig, ProviderProfileOverrides } from '../oauth';
|
|
5
5
|
import type { Cookies } from './cookies';
|
|
6
|
-
import type { GauError } from './errors';
|
|
7
6
|
import type { Adapter, GauServerSession } from './index';
|
|
7
|
+
import { GauError } from './index';
|
|
8
8
|
type ProviderId<P> = P extends OAuthProvider<infer T> ? T : never;
|
|
9
9
|
export type ProviderIds<T> = T extends {
|
|
10
10
|
providerMap: Map<infer K extends string, any>;
|
|
@@ -12,6 +12,49 @@ export type ProviderIds<T> = T extends {
|
|
|
12
12
|
export type ProfileName<T, P extends string> = T extends {
|
|
13
13
|
profiles: infer R;
|
|
14
14
|
} ? P extends keyof R ? keyof R[P] : never : never;
|
|
15
|
+
export interface ImpersonationConfig {
|
|
16
|
+
enabled: boolean;
|
|
17
|
+
/** Roles that can impersonate others. Defaults to adminRoles from roles config. */
|
|
18
|
+
allowedRoles?: string[];
|
|
19
|
+
/** Roles that cannot be impersonated. Defaults to adminRoles from roles config. */
|
|
20
|
+
cannotImpersonate?: string[];
|
|
21
|
+
/** Maximum impersonation duration in seconds. Defaults to 3600 (1 hour). */
|
|
22
|
+
maxTTL?: number;
|
|
23
|
+
/**
|
|
24
|
+
* Hook called when impersonation starts.
|
|
25
|
+
* Use this to log impersonation events.
|
|
26
|
+
*/
|
|
27
|
+
onImpersonate?: (context: {
|
|
28
|
+
adminUserId: string;
|
|
29
|
+
targetUserId: string;
|
|
30
|
+
reason?: string;
|
|
31
|
+
timestamp: number;
|
|
32
|
+
}) => void | Promise<void>;
|
|
33
|
+
}
|
|
34
|
+
export interface StartImpersonationOptions {
|
|
35
|
+
/** Session duration in seconds (capped by maxTTL). */
|
|
36
|
+
ttl?: number;
|
|
37
|
+
/** Reason for impersonation, passed to onImpersonate hook. */
|
|
38
|
+
reason?: string;
|
|
39
|
+
}
|
|
40
|
+
export interface ImpersonationResult {
|
|
41
|
+
/** The impersonation session JWT. */
|
|
42
|
+
token: string;
|
|
43
|
+
/** Set-Cookie header for the impersonation session. */
|
|
44
|
+
cookie: string;
|
|
45
|
+
/** Set-Cookie header for stashing the admin's original session. */
|
|
46
|
+
originalCookie: string;
|
|
47
|
+
/** The maxAge in seconds. */
|
|
48
|
+
maxAge: number;
|
|
49
|
+
}
|
|
50
|
+
export interface EndImpersonationResult {
|
|
51
|
+
/** The restored admin session token. */
|
|
52
|
+
token: string;
|
|
53
|
+
/** Set-Cookie header for restoring the admin session. */
|
|
54
|
+
cookie: string;
|
|
55
|
+
/** Array of Set-Cookie headers to clear the stash cookie. */
|
|
56
|
+
clearCookies: string[];
|
|
57
|
+
}
|
|
15
58
|
export interface CreateAuthOptions<TProviders extends OAuthProvider[]> {
|
|
16
59
|
/** The database adapter to use for storing users and accounts. */
|
|
17
60
|
adapter: Adapter;
|
|
@@ -174,19 +217,18 @@ export interface CreateAuthOptions<TProviders extends OAuthProvider[]> {
|
|
|
174
217
|
* errorRedirect: '/auth/error' // Your custom error page
|
|
175
218
|
*/
|
|
176
219
|
errorRedirect?: string;
|
|
220
|
+
/**
|
|
221
|
+
* User impersonation.
|
|
222
|
+
* When enabled, admins can impersonate other users for support/debugging.
|
|
223
|
+
*/
|
|
224
|
+
impersonation?: ImpersonationConfig;
|
|
177
225
|
}
|
|
178
|
-
/**
|
|
179
|
-
* Options for issuing a session.
|
|
180
|
-
*/
|
|
181
226
|
export interface IssueSessionOptions {
|
|
182
227
|
/** Custom claims to include in the session JWT. */
|
|
183
228
|
data?: Record<string, unknown>;
|
|
184
229
|
/** Time-to-live in seconds (defaults to auth's configured jwt.ttl). */
|
|
185
230
|
ttl?: number;
|
|
186
231
|
}
|
|
187
|
-
/**
|
|
188
|
-
* Result of issuing a session.
|
|
189
|
-
*/
|
|
190
232
|
export interface IssueSessionResult {
|
|
191
233
|
/** The raw JWT session token (for Bearer auth or storage). */
|
|
192
234
|
token: string;
|
|
@@ -197,9 +239,6 @@ export interface IssueSessionResult {
|
|
|
197
239
|
/** The maxAge in seconds. */
|
|
198
240
|
maxAge: number;
|
|
199
241
|
}
|
|
200
|
-
/**
|
|
201
|
-
* Options for refreshing a session.
|
|
202
|
-
*/
|
|
203
242
|
export interface RefreshSessionOptions {
|
|
204
243
|
/** Override the default TTL for the new token. */
|
|
205
244
|
ttl?: number;
|
|
@@ -209,9 +248,6 @@ export interface RefreshSessionOptions {
|
|
|
209
248
|
*/
|
|
210
249
|
threshold?: number;
|
|
211
250
|
}
|
|
212
|
-
/**
|
|
213
|
-
* Result of refreshing a session. Extends IssueSessionResult with source information.
|
|
214
|
-
*/
|
|
215
251
|
export interface RefreshSessionResult extends IssueSessionResult {
|
|
216
252
|
/**
|
|
217
253
|
* How the original token was provided.
|
|
@@ -261,6 +297,24 @@ export type Auth<TProviders extends OAuthProvider[] = any> = Adapter & {
|
|
|
261
297
|
accessToken: string;
|
|
262
298
|
expiresAt?: number | null;
|
|
263
299
|
} | null>;
|
|
300
|
+
/**
|
|
301
|
+
* Start impersonating a target user.
|
|
302
|
+
* Requires impersonation to be enabled and the admin user to have appropriate permissions.
|
|
303
|
+
*
|
|
304
|
+
* @param adminUserId - The ID of the user initiating impersonation (must have allowed role)
|
|
305
|
+
* @param targetUserId - The ID of the user to impersonate
|
|
306
|
+
* @param options - Optional configuration for the impersonation session
|
|
307
|
+
* @returns ImpersonationResult with tokens and cookies, or null if impersonation is not allowed
|
|
308
|
+
*/
|
|
309
|
+
startImpersonation: (adminUserId: string, targetUserId: string, options?: StartImpersonationOptions) => Promise<ImpersonationResult | null>;
|
|
310
|
+
/**
|
|
311
|
+
* End an active impersonation session and restore the admin's original session.
|
|
312
|
+
* Extracts the stashed session from the request cookies.
|
|
313
|
+
*
|
|
314
|
+
* @param request - The request containing the stashed session cookie
|
|
315
|
+
* @returns EndImpersonationResult with restored session, or null if no stash found
|
|
316
|
+
*/
|
|
317
|
+
endImpersonation: (request: Request) => Promise<EndImpersonationResult | null>;
|
|
264
318
|
trustHosts: 'all' | string[];
|
|
265
319
|
autoLink: 'verifiedEmail' | 'always' | false;
|
|
266
320
|
allowDifferentEmails: boolean;
|
|
@@ -288,6 +342,7 @@ export type Auth<TProviders extends OAuthProvider[] = any> = Adapter & {
|
|
|
288
342
|
profiles: ResolvedProfiles<TProviders>;
|
|
289
343
|
onError?: CreateAuthOptions<TProviders>['onError'];
|
|
290
344
|
errorRedirect?: string;
|
|
345
|
+
impersonation: ImpersonationConfig | null;
|
|
291
346
|
};
|
|
292
347
|
export interface ProfileDefinition {
|
|
293
348
|
scopes?: string[];
|
|
@@ -303,6 +358,6 @@ export type ProfilesConfig<TProviders extends OAuthProvider[]> = Partial<{
|
|
|
303
358
|
[K in ProviderIdOfArray<TProviders>]: Record<string, ProfileDefinition & ProviderProfileOverrides<ProviderConfigFor<TProviders, K>>>;
|
|
304
359
|
}>;
|
|
305
360
|
export type ResolvedProfiles<TProviders extends OAuthProvider[]> = ProfilesConfig<TProviders>;
|
|
306
|
-
export declare function createAuth<const TProviders extends OAuthProvider[]>({ adapter, providers, basePath, jwt: jwtConfig, session: sessionConfig, cookies: cookieConfig, onOAuthExchange, mapExternalProfile, onBeforeLinkAccount, onAfterLinkAccount, trustHosts, autoLink, allowDifferentEmails, updateUserInfoOnLink, roles: rolesConfig, cors, profiles: profilesConfig, onError, errorRedirect }: CreateAuthOptions<TProviders>): Auth<TProviders>;
|
|
361
|
+
export declare function createAuth<const TProviders extends OAuthProvider[]>({ adapter, providers, basePath, jwt: jwtConfig, session: sessionConfig, cookies: cookieConfig, onOAuthExchange, mapExternalProfile, onBeforeLinkAccount, onAfterLinkAccount, trustHosts, autoLink, allowDifferentEmails, updateUserInfoOnLink, roles: rolesConfig, cors, profiles: profilesConfig, onError, errorRedirect, impersonation: impersonationConfig }: CreateAuthOptions<TProviders>): Auth<TProviders>;
|
|
307
362
|
export {};
|
|
308
363
|
//# sourceMappingURL=createAuth.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createAuth.d.ts","sourceRoot":"","sources":["../../../src/core/createAuth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAC1C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAC9C,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AACxD,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACtG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"createAuth.d.ts","sourceRoot":"","sources":["../../../src/core/createAuth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAC1C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAC9C,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AACxD,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACtG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAA;AAIxD,OAAO,EAAyB,QAAQ,EAAE,MAAM,SAAS,CAAA;AAGzD,KAAK,UAAU,CAAC,CAAC,IAAI,CAAC,SAAS,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AACjE,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,GAAG,CAAC,CAAA;CAAE,GAAG,CAAC,GAAG,MAAM,CAAA;AAErG,MAAM,MAAM,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS;IAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;CAAE,GAC1E,CAAC,SAAS,MAAM,CAAC,GACf,MAAM,CAAC,CAAC,CAAC,CAAC,GACV,KAAK,GACP,KAAK,CAAA;AAET,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAA;IAChB,mFAAmF;IACnF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC5B,4EAA4E;IAC5E,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;OAGG;IACH,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE;QACxB,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,SAAS,EAAE,MAAM,CAAA;KAClB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAC3B;AAID,MAAM,WAAW,yBAAyB;IACxC,sDAAsD;IACtD,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,qCAAqC;IACrC,KAAK,EAAE,MAAM,CAAA;IACb,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAA;IACd,mEAAmE;IACnE,cAAc,EAAE,MAAM,CAAA;IACtB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,sBAAsB;IACrC,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAA;IACb,yDAAyD;IACzD,MAAM,EAAE,MAAM,CAAA;IACd,6DAA6D;IAC7D,YAAY,EAAE,MAAM,EAAE,CAAA;CACvB;AAED,MAAM,WAAW,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE;IACnE,kEAAkE;IAClE,OAAO,EAAE,OAAO,CAAA;IAChB,2CAA2C;IAC3C,SAAS,EAAE,UAAU,CAAA;IACrB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,iCAAiC;IACjC,OAAO,CAAC,EAAE;QACR,4EAA4E;QAC5E,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;KACvC,CAAA;IACD,sDAAsD;IACtD,GAAG,CAAC,EAAE;QACJ,uDAAuD;QACvD,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAA;QAC7B,2FAA2F;QAC3F,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,mCAAmC;QACnC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,qCAAqC;QACrC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,oEAAoE;QACpE,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,0CAA0C;IAC1C,OAAO,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACnC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;QAC1B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,KAAK,EAAE,MAAM,CAAA;QACb,IAAI,EAAE,MAAM,CAAA;QACZ,YAAY,EAAE,MAAM,CAAA;QACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QAC3B,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,OAAO,CAAA;QAChB,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,SAAS,EAAE,OAAO,CAAA;QAClB,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,KAAK,OAAO,CAAC;QAAE,OAAO,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAAG;QAAE,OAAO,EAAE,KAAK,CAAA;KAAE,CAAC,CAAA;IACzE,sEAAsE;IACtE,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,SAAS,EAAE,OAAO,CAAA;KACnB,KAAK,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;IAC9D,8DAA8D;IAC9D,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC9B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;KACrB,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,IAAI,CAAA;KAAE,GAAG;QAAE,KAAK,EAAE,KAAK,CAAC;QAAC,QAAQ,CAAC,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;IACtE,mDAAmD;IACnD,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,MAAM,EAAE,MAAM,GAAG,QAAQ,CAAA;KAC1B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnB,uFAAuF;IACvF,UAAU,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC7B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC7C,mHAAmH;IACnH,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,iIAAiI;IACjI,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,4DAA4D;IAC5D,KAAK,CAAC,EAAE;QACN,4CAA4C;QAC5C,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,iHAAiH;QACjH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;YAAE,UAAU,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,GAAG,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,MAAM,GAAG,SAAS,CAAA;QACzG,6FAA6F;QAC7F,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;QACrB,+FAA+F;QAC/F,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;KACxB,CAAA;IACD;;;;OAIG;IACH,IAAI,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG;QACpB;;;;;;;WAOG;QACH,cAAc,CAAC,EAAE,KAAK,GAAG,OAAO,GAAG,MAAM,EAAE,CAAA;QAC3C,2EAA2E;QAC3E,gBAAgB,CAAC,EAAE,OAAO,CAAA;QAC1B,+EAA+E;QAC/E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;QACzB,8DAA8D;QAC9D,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;QACzB,kCAAkC;QAClC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;QACxB,+CAA+C;QAC/C,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,CAAA;IACD;;;OAGG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAA;IACrC;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE;QAClB,KAAK,EAAE,QAAQ,CAAA;QACf,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,GAAG,SAAS,CAAA;IAC1D;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB;;;OAGG;IACH,aAAa,CAAC,EAAE,mBAAmB,CAAA;CACpC;AAED,MAAM,WAAW,mBAAmB;IAClC,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9B,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,kBAAkB;IACjC,8DAA8D;IAC9D,KAAK,EAAE,MAAM,CAAA;IACb,6DAA6D;IAC7D,MAAM,EAAE,MAAM,CAAA;IACd,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAA;IAClB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,WAAW,qBAAqB;IACpC,kDAAkD;IAClD,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC9D;;;;;OAKG;IACH,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAA;CACtC;AAED,MAAM,MAAM,IAAI,CAAC,UAAU,SAAS,aAAa,EAAE,GAAG,GAAG,IAAI,OAAO,GAAG;IACrE,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IACpE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,gBAAgB,CAAA;IAC/B,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IACpB,eAAe,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,iBAAiB,CAAC,CAAA;IAClE,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAA;IACxE,mBAAmB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,qBAAqB,CAAC,CAAA;IAC1E,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAA;IACxE,OAAO,EAAE,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IACjH,SAAS,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,KAAK,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;IACpH,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IAChG,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAA;IACpE;;;OAGG;IACH,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,mBAAmB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAA;IAC5F;;;;;;;;;;OAUG;IACH,cAAc,EAAE,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,EAAE,OAAO,CAAC,EAAE,qBAAqB,KAAK,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAA;IAC3H;;;OAGG;IACH,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC1H;;;;;;;;OAQG;IACH,kBAAkB,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,yBAAyB,KAAK,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAAA;IAC3I;;;;;;OAMG;IACH,gBAAgB,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAAA;IAC9E,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC5B,QAAQ,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC5C,oBAAoB,EAAE,OAAO,CAAA;IAC7B,oBAAoB,EAAE,OAAO,CAAA;IAC7B,eAAe,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;IAC5C,WAAW,EAAE,OAAO,CAAA;IACpB,KAAK,EAAE;QACL,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;YAAE,UAAU,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,GAAG,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,MAAM,GAAG,SAAS,CAAA;QACzG,UAAU,EAAE,MAAM,EAAE,CAAA;QACpB,YAAY,EAAE,MAAM,EAAE,CAAA;KACvB,CAAA;IACD,IAAI,EAAE,KAAK,GAAG;QACZ,cAAc,EAAE,KAAK,GAAG,OAAO,GAAG,MAAM,EAAE,CAAA;QAC1C,gBAAgB,EAAE,OAAO,CAAA;QACzB,cAAc,EAAE,MAAM,EAAE,CAAA;QACxB,cAAc,EAAE,MAAM,EAAE,CAAA;QACxB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;QACxB,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,QAAQ,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAA;IACtC,OAAO,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,CAAA;IAClD,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAA;CAC1C,CAAA;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,KAAK,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;AAC3F,KAAK,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE,EAAE,CAAC,SAAS,MAAM,IACvE,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,SAAS,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAA;AAEpH,MAAM,MAAM,cAAc,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,OAAO,CAAC;KACtE,CAAC,IAAI,iBAAiB,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,iBAAiB,GAAG,wBAAwB,CAAC,iBAAiB,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC;CACrI,CAAC,CAAA;AACF,MAAM,MAAM,gBAAgB,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,cAAc,CAAC,UAAU,CAAC,CAAA;AAE7F,wBAAgB,UAAU,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,EAAE,EAAE,EACnE,OAAO,EACP,SAAS,EACT,QAAsB,EACtB,GAAG,EAAE,SAAc,EACnB,OAAO,EAAE,aAAkB,EAC3B,OAAO,EAAE,YAAiB,EAC1B,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,UAAe,EACf,QAA0B,EAC1B,oBAA2B,EAC3B,oBAA4B,EAC5B,KAAK,EAAE,WAAgB,EACvB,IAAW,EACX,QAAQ,EAAE,cAAc,EACxB,OAAO,EACP,aAAa,EACb,aAAa,EAAE,mBAAmB,EACnC,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAqVlD"}
|
|
@@ -1,7 +1,3 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Default messages for each error code.
|
|
3
|
-
* This is the single source of truth for error codes and their messages.
|
|
4
|
-
*/
|
|
5
1
|
export declare const ErrorMessages: {
|
|
6
2
|
readonly CSRF_INVALID: "Invalid CSRF token";
|
|
7
3
|
readonly PKCE_MISSING: "Missing PKCE code verifier";
|
|
@@ -33,13 +29,11 @@ export declare const ErrorMessages: {
|
|
|
33
29
|
readonly UNTRUSTED_HOST: "Untrusted redirect host";
|
|
34
30
|
readonly UNKNOWN_PROFILE: "Unknown profile";
|
|
35
31
|
readonly INTERNAL_ERROR: "An unexpected error occurred";
|
|
32
|
+
readonly IMPERSONATION_DISABLED: "Impersonation is not enabled";
|
|
33
|
+
readonly IMPERSONATION_NOT_ALLOWED: "You are not allowed to impersonate users";
|
|
34
|
+
readonly IMPERSONATION_TARGET_PROTECTED: "Cannot impersonate users with protected roles";
|
|
36
35
|
};
|
|
37
|
-
/** Error code type derived from ErrorMessages keys */
|
|
38
36
|
export type ErrorCode = keyof typeof ErrorMessages;
|
|
39
|
-
/**
|
|
40
|
-
* Error codes object for developer ergonomics.
|
|
41
|
-
* Usage: `ErrorCodes.CSRF_INVALID` instead of `'CSRF_INVALID'`
|
|
42
|
-
*/
|
|
43
37
|
export declare const ErrorCodes: {
|
|
44
38
|
[K in ErrorCode]: K;
|
|
45
39
|
};
|
|
@@ -56,78 +50,28 @@ export interface GauErrorOptions {
|
|
|
56
50
|
/** Original error that caused this error */
|
|
57
51
|
cause?: unknown;
|
|
58
52
|
}
|
|
59
|
-
/**
|
|
60
|
-
* Structured error class for gau authentication errors.
|
|
61
|
-
* Contains all information needed for error handling and user feedback.
|
|
62
|
-
*
|
|
63
|
-
* @example
|
|
64
|
-
* // Using default message
|
|
65
|
-
* throw new GauError(ErrorCodes.CSRF_INVALID, { status: 403 })
|
|
66
|
-
*
|
|
67
|
-
* // Using custom message
|
|
68
|
-
* throw new GauError(ErrorCodes.PROVIDER_NOT_FOUND, `Provider "${id}" not found`)
|
|
69
|
-
*/
|
|
70
53
|
export declare class GauError extends Error {
|
|
71
54
|
readonly code: ErrorCode;
|
|
72
55
|
readonly status: number;
|
|
73
56
|
readonly redirectUrl?: string;
|
|
74
57
|
readonly cause?: unknown;
|
|
75
58
|
constructor(code: ErrorCode, messageOrOptions?: string | GauErrorOptions, options?: GauErrorOptions);
|
|
76
|
-
/**
|
|
77
|
-
* Convert to JSON-serializable object for API responses.
|
|
78
|
-
*/
|
|
79
59
|
toJSON(): {
|
|
80
60
|
error: string;
|
|
81
|
-
code: "ACCOUNT_ALREADY_LINKED" | "ACCOUNT_LINK_FAILED" | "ACCOUNT_NOT_LINKED" | "AUTHORIZATION_URL_FAILED" | "CANNOT_UNLINK_LAST_ACCOUNT" | "CODE_VERIFIER_INVALID" | "CSRF_INVALID" | "EMAIL_ALREADY_EXISTS" | "EMAIL_MISMATCH" | "FORBIDDEN" | "INTERNAL_ERROR" | "INVALID_REDIRECT_URL" | "INVALID_REQUEST" | "LINKING_NOT_ALLOWED" | "LINK_ONLY_PROVIDER" | "METHOD_NOT_ALLOWED" | "NOT_FOUND" | "OAUTH_CANCELLED" | "PKCE_CHALLENGE_MISSING" | "PKCE_MISSING" | "PROVIDER_NOT_FOUND" | "SESSION_INVALID" | "SESSION_VALIDATION_FAILED" | "TOKEN_EXPIRED" | "TOKEN_INVALID" | "UNAUTHORIZED" | "UNKNOWN_PROFILE" | "UNTRUSTED_HOST" | "USER_CREATE_FAILED" | "USER_NOT_FOUND";
|
|
61
|
+
code: "ACCOUNT_ALREADY_LINKED" | "ACCOUNT_LINK_FAILED" | "ACCOUNT_NOT_LINKED" | "AUTHORIZATION_URL_FAILED" | "CANNOT_UNLINK_LAST_ACCOUNT" | "CODE_VERIFIER_INVALID" | "CSRF_INVALID" | "EMAIL_ALREADY_EXISTS" | "EMAIL_MISMATCH" | "FORBIDDEN" | "IMPERSONATION_DISABLED" | "IMPERSONATION_NOT_ALLOWED" | "IMPERSONATION_TARGET_PROTECTED" | "INTERNAL_ERROR" | "INVALID_REDIRECT_URL" | "INVALID_REQUEST" | "LINKING_NOT_ALLOWED" | "LINK_ONLY_PROVIDER" | "METHOD_NOT_ALLOWED" | "NOT_FOUND" | "OAUTH_CANCELLED" | "PKCE_CHALLENGE_MISSING" | "PKCE_MISSING" | "PROVIDER_NOT_FOUND" | "SESSION_INVALID" | "SESSION_VALIDATION_FAILED" | "TOKEN_EXPIRED" | "TOKEN_INVALID" | "UNAUTHORIZED" | "UNKNOWN_PROFILE" | "UNTRUSTED_HOST" | "USER_CREATE_FAILED" | "USER_NOT_FOUND";
|
|
82
62
|
redirectUrl?: string | undefined;
|
|
83
63
|
};
|
|
84
64
|
}
|
|
85
|
-
/**
|
|
86
|
-
* Create an error redirect URL with query params.
|
|
87
|
-
* Used when errorRedirect is configured.
|
|
88
|
-
*/
|
|
89
65
|
export declare function createErrorRedirectUrl(baseUrl: string, error: GauError): string;
|
|
90
|
-
/**
|
|
91
|
-
* Context passed to error handlers.
|
|
92
|
-
*/
|
|
93
66
|
export interface ErrorContext {
|
|
94
67
|
error: GauError;
|
|
95
68
|
request: Request;
|
|
96
69
|
}
|
|
97
|
-
/**
|
|
98
|
-
* Configuration for error handling.
|
|
99
|
-
*/
|
|
100
70
|
export interface ErrorHandlerConfig {
|
|
101
71
|
basePath: string;
|
|
102
72
|
onError?: (context: ErrorContext) => Response | Promise<Response | undefined> | undefined;
|
|
103
73
|
errorRedirect?: string;
|
|
104
74
|
}
|
|
105
|
-
/**
|
|
106
|
-
* Determine if a request is user-facing (browser OAuth flow)
|
|
107
|
-
* vs API (programmatic fetch).
|
|
108
|
-
*
|
|
109
|
-
* Uses route-based detection (reliable) rather than Accept headers (unreliable).
|
|
110
|
-
*
|
|
111
|
-
* User-facing routes (browser navigates directly):
|
|
112
|
-
* - GET /:provider → OAuth sign-in start
|
|
113
|
-
* - GET /callback/:provider → OAuth callback from provider
|
|
114
|
-
* - GET /link/:provider → Account linking start
|
|
115
|
-
*
|
|
116
|
-
* API routes (JS fetch):
|
|
117
|
-
* - GET /session → Get current session
|
|
118
|
-
* - POST /signout → Sign out
|
|
119
|
-
* - POST /token → PKCE token exchange
|
|
120
|
-
* - POST /unlink/:provider → Unlink account
|
|
121
|
-
*/
|
|
122
75
|
export declare function isUserFacingRequest(request: Request, basePath: string): boolean;
|
|
123
|
-
/**
|
|
124
|
-
* Handle an error according to configuration.
|
|
125
|
-
* Returns the appropriate Response based on context.
|
|
126
|
-
*
|
|
127
|
-
* Priority:
|
|
128
|
-
* 1. Custom onError handler (if returns Response)
|
|
129
|
-
* 2. errorRedirect (for user-facing requests only)
|
|
130
|
-
* 3. Default: HTML error page for user-facing, JSON for API
|
|
131
|
-
*/
|
|
132
76
|
export declare function handleError(context: ErrorContext, config: ErrorHandlerConfig): Promise<Response>;
|
|
133
77
|
//# sourceMappingURL=errors.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/core/errors.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/core/errors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+ChB,CAAA;AAEV,MAAM,MAAM,SAAS,GAAG,MAAM,OAAO,aAAa,CAAA;AAElD,eAAO,MAAM,UAAU,EAAE;KAAG,CAAC,IAAI,SAAS,GAAG,CAAC;CAElB,CAAA;AAE5B;;;GAGG;AACH,eAAO,MAAM,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAiB5D,CAAA;AAED,MAAM,WAAW,eAAe;IAC9B,sEAAsE;IACtE,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,4CAA4C;IAC5C,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,qBAAa,QAAS,SAAQ,KAAK;IACjC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAA;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IAEjC,YACE,IAAI,EAAE,SAAS,EACf,gBAAgB,CAAC,EAAE,MAAM,GAAG,eAAe,EAC3C,OAAO,CAAC,EAAE,eAAe,EAe1B;IAED,MAAM;;;;MAML;CACF;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,GAAG,MAAM,CAS/E;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,QAAQ,CAAA;IACf,OAAO,EAAE,OAAO,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,YAAY,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,GAAG,SAAS,CAAA;IACzF,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAsB/E;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,YAAY,EACrB,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,QAAQ,CAAC,CA0CnB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/core/handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AAexC,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/core/handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AAexC,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CA+FjF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAkBzC,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAkBzC,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAygBxG"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as c,handleSignOut as h,handleToken as i,handleUnlink as j,verifyRequestOrigin as k}from"../../../chunk-
|
|
1
|
+
import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as c,handleSignOut as h,handleToken as i,handleUnlink as j,verifyRequestOrigin as k}from"../../../chunk-H7HMOWU7.js";import"../../../chunk-5KEP3AIT.js";export{o as applyCors,r as handleCallback,m as handleLink,p as handlePreflight,t as handleSession,c as handleSignIn,h as handleSignOut,i as handleToken,j as handleUnlink,k as verifyRequestOrigin};//# sourceMappingURL=index.js.map
|
package/dist/src/core/index.d.ts
CHANGED
|
@@ -21,7 +21,7 @@ export interface ClientAccount {
|
|
|
21
21
|
*/
|
|
22
22
|
export interface GauSession<TProviders extends string = string> {
|
|
23
23
|
user: User | null;
|
|
24
|
-
session: Session | null;
|
|
24
|
+
session: Omit<Session, 'id'> | null;
|
|
25
25
|
accounts?: ClientAccount[] | null;
|
|
26
26
|
providers?: TProviders[];
|
|
27
27
|
}
|
|
@@ -95,4 +95,8 @@ export * from './handler';
|
|
|
95
95
|
export * from './templates';
|
|
96
96
|
export * from './utils';
|
|
97
97
|
export declare const REFRESHED_TOKEN_HEADER = "X-Refreshed-Token";
|
|
98
|
+
/**
|
|
99
|
+
* Helper to check if a session is an impersonation session.
|
|
100
|
+
*/
|
|
101
|
+
export declare function isImpersonating(session: Session | null): boolean;
|
|
98
102
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,IAAI,CAAA;IACnC,QAAQ,CAAC,EAAE,aAAa,EAAE,GAAG,IAAI,CAAA;IACjC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAClE,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAC3B,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED,eAAO,MAAM,YAAY;;;;CAIf,CAAA;AAEV,wBAAgB,eAAe,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM,EAChE,aAAa,EAAE,gBAAgB,CAAC,UAAU,CAAC,GAC1C,UAAU,CAAC,UAAU,CAAC,CAaxB;AAED,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,GAAG,SAAS,CAAC;IACxE,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC3F,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3H,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,UAAU,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1C;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,UAAU,CAAA;AACxB,cAAc,WAAW,CAAA;AACzB,cAAc,aAAa,CAAA;AAC3B,cAAc,SAAS,CAAA;AAEvB,eAAO,MAAM,sBAAsB,sBAAsB,CAAA;AAEzD;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,GAAG,OAAO,CAEhE"}
|
package/dist/src/core/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as c,DEFAULT_COOKIE_SERIALIZE_OPTIONS as f,ErrorCodes as h,ErrorMessages as i,ErrorStatuses as j,GauError as k,LINKING_TOKEN_COOKIE_NAME as n,NULL_SESSION as s,PKCE_COOKIE_NAME as u,PROVIDER_OPTIONS_COOKIE_NAME as
|
|
1
|
+
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as c,DEFAULT_COOKIE_SERIALIZE_OPTIONS as f,ErrorCodes as h,ErrorMessages as i,ErrorStatuses as j,GauError as k,LINKING_TOKEN_COOKIE_NAME as n,NULL_SESSION as s,PKCE_COOKIE_NAME as u,PROVIDER_OPTIONS_COOKIE_NAME as H,REFRESHED_TOKEN_HEADER as e,SESSION_COOKIE_NAME as x,SESSION_STASH_COOKIE_NAME as A,SESSION_STRATEGY_COOKIE_NAME as E,createAuth as I,createErrorRedirectUrl as K,createHandler as M,getSessionTokenFromRequest as O,handleError as P,isImpersonating as T,isUserFacingRequest as U,json as W,parseCookies as a,redirect as b,toClientSession as d}from"../../chunk-H7HMOWU7.js";import{htmlResponse as g,renderCancelledPage as l,renderErrorPage as q,renderSuccessPage as v}from"../../chunk-5KEP3AIT.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CLIENT_CHALLENGE_COOKIE_NAME,p as CSRF_COOKIE_NAME,t as CSRF_MAX_AGE,c as Cookies,f as DEFAULT_COOKIE_SERIALIZE_OPTIONS,h as ErrorCodes,i as ErrorMessages,j as ErrorStatuses,k as GauError,n as LINKING_TOKEN_COOKIE_NAME,s as NULL_SESSION,u as PKCE_COOKIE_NAME,H as PROVIDER_OPTIONS_COOKIE_NAME,e as REFRESHED_TOKEN_HEADER,x as SESSION_COOKIE_NAME,A as SESSION_STASH_COOKIE_NAME,E as SESSION_STRATEGY_COOKIE_NAME,I as createAuth,K as createErrorRedirectUrl,M as createHandler,O as getSessionTokenFromRequest,P as handleError,g as htmlResponse,T as isImpersonating,U as isUserFacingRequest,W as json,a as parseCookies,b as redirect,l as renderCancelledPage,q as renderErrorPage,v as renderSuccessPage,d as toClientSession};//# sourceMappingURL=index.js.map
|
|
@@ -1,7 +1,3 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* HTML templates for gau error and success pages.
|
|
3
|
-
* Used for user-facing OAuth flow responses.
|
|
4
|
-
*/
|
|
5
1
|
export interface ErrorPageOptions {
|
|
6
2
|
/** Error title (default: "Authentication Error") */
|
|
7
3
|
title?: string;
|
|
@@ -18,10 +14,6 @@ export interface ErrorPageOptions {
|
|
|
18
14
|
/** Attempt to close the window after redirect (for OAuth popups) */
|
|
19
15
|
autoClose?: boolean;
|
|
20
16
|
}
|
|
21
|
-
/**
|
|
22
|
-
* Render a styled error page.
|
|
23
|
-
* Used for user-facing OAuth flow errors.
|
|
24
|
-
*/
|
|
25
17
|
export declare function renderErrorPage(options: ErrorPageOptions): string;
|
|
26
18
|
export interface SuccessPageOptions {
|
|
27
19
|
/** Success title (default: "Authentication Successful") */
|
|
@@ -33,10 +25,6 @@ export interface SuccessPageOptions {
|
|
|
33
25
|
/** Attempt to close the window after redirect (for OAuth popups) */
|
|
34
26
|
autoClose?: boolean;
|
|
35
27
|
}
|
|
36
|
-
/**
|
|
37
|
-
* Render a styled success page.
|
|
38
|
-
* Used for OAuth completion (e.g., Tauri deep-link handoff).
|
|
39
|
-
*/
|
|
40
28
|
export declare function renderSuccessPage(options: SuccessPageOptions): string;
|
|
41
29
|
export interface CancelledPageOptions {
|
|
42
30
|
/** Title (default: "Authentication Cancelled") */
|
|
@@ -48,13 +36,6 @@ export interface CancelledPageOptions {
|
|
|
48
36
|
/** Attempt to close the window after redirect (for OAuth popups) */
|
|
49
37
|
autoClose?: boolean;
|
|
50
38
|
}
|
|
51
|
-
/**
|
|
52
|
-
* Render a styled cancellation page.
|
|
53
|
-
* Used when user cancels OAuth flow.
|
|
54
|
-
*/
|
|
55
39
|
export declare function renderCancelledPage(options?: CancelledPageOptions): string;
|
|
56
|
-
/**
|
|
57
|
-
* Create an HTML Response with proper headers.
|
|
58
|
-
*/
|
|
59
40
|
export declare function htmlResponse(html: string, status?: number): Response;
|
|
60
41
|
//# sourceMappingURL=templates.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../../src/core/templates.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../../src/core/templates.ts"],"names":[],"mappings":"AA6CA,MAAM,WAAW,gBAAgB;IAC/B,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,+BAA+B;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,gFAAgF;IAChF,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,gFAAgF;IAChF,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,uDAAuD;IACvD,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,oEAAoE;IACpE,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAuCjE;AAED,MAAM,WAAW,kBAAkB;IACjC,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,iCAAiC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAA;IACnB,oEAAoE;IACpE,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB;AAED,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,kBAAkB,GAAG,MAAM,CA6BrE;AAED,MAAM,WAAW,oBAAoB;IACnC,kDAAkD;IAClD,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,yBAAyB;IACzB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yBAAyB;IACzB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,oEAAoE;IACpE,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,oBAAyB,GAAG,MAAM,CA6B9E;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,SAAM,GAAG,QAAQ,CAKjE"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAA;AACtB,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA"}
|
package/dist/src/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as c,DEFAULT_COOKIE_SERIALIZE_OPTIONS as f,ErrorCodes as h,ErrorMessages as i,ErrorStatuses as j,GauError as k,LINKING_TOKEN_COOKIE_NAME as n,NULL_SESSION as s,PKCE_COOKIE_NAME as u,PROVIDER_OPTIONS_COOKIE_NAME as
|
|
1
|
+
import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as c,DEFAULT_COOKIE_SERIALIZE_OPTIONS as f,ErrorCodes as h,ErrorMessages as i,ErrorStatuses as j,GauError as k,LINKING_TOKEN_COOKIE_NAME as n,NULL_SESSION as s,PKCE_COOKIE_NAME as u,PROVIDER_OPTIONS_COOKIE_NAME as H,REFRESHED_TOKEN_HEADER as e,SESSION_COOKIE_NAME as x,SESSION_STASH_COOKIE_NAME as A,SESSION_STRATEGY_COOKIE_NAME as E,createAuth as I,createErrorRedirectUrl as K,createHandler as M,getSessionTokenFromRequest as O,handleError as P,isImpersonating as T,isUserFacingRequest as U,json as W,parseCookies as a,redirect as b,toClientSession as d}from"../chunk-H7HMOWU7.js";import{htmlResponse as g,renderCancelledPage as l,renderErrorPage as q,renderSuccessPage as v}from"../chunk-5KEP3AIT.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CLIENT_CHALLENGE_COOKIE_NAME,p as CSRF_COOKIE_NAME,t as CSRF_MAX_AGE,c as Cookies,f as DEFAULT_COOKIE_SERIALIZE_OPTIONS,h as ErrorCodes,i as ErrorMessages,j as ErrorStatuses,k as GauError,n as LINKING_TOKEN_COOKIE_NAME,s as NULL_SESSION,u as PKCE_COOKIE_NAME,H as PROVIDER_OPTIONS_COOKIE_NAME,e as REFRESHED_TOKEN_HEADER,x as SESSION_COOKIE_NAME,A as SESSION_STASH_COOKIE_NAME,E as SESSION_STRATEGY_COOKIE_NAME,I as createAuth,K as createErrorRedirectUrl,M as createHandler,O as getSessionTokenFromRequest,P as handleError,g as htmlResponse,T as isImpersonating,U as isUserFacingRequest,W as json,a as parseCookies,b as redirect,l as renderCancelledPage,q as renderErrorPage,v as renderSuccessPage,d as toClientSession};//# sourceMappingURL=index.js.map
|
package/dist/src/jwt/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{sign as o,verify as r}from"../../chunk-
|
|
1
|
+
import{sign as o,verify as r}from"../../chunk-H7HMOWU7.js";import"../../chunk-5KEP3AIT.js";export{o as sign,r as verify};//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/runtimes/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/solidstart/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAA2B,qBAAqB,EAAE,MAAM,SAAS,CAAA;AAClH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE7C,OAAO,EAAE,UAAU,EAA2D,sBAAsB,EAAmB,MAAM,SAAS,CAAA;AAEtI,OAAO,EAAE,sBAAsB,EAAE,CAAA;AAEjC,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;GAWG;AACH,wBAAgB,SAAS,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;EAe/I;AAED;;;;GAIG;AACH,wBAAgB,gCAAgC,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,UAAU,CAAC,gPAsB7H;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAC1E,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,EAClC,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,iCA0BxE;AAWD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAC7E,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,EACvE,OAAO,GAAE,qBAA0B,iCAcpC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{NULL_SESSION as e,REFRESHED_TOKEN_HEADER as r,createAuth as n,createHandler as o,getSessionTokenFromRequest as s,toClientSession as t}from"../../chunk-
|
|
1
|
+
import{NULL_SESSION as e,REFRESHED_TOKEN_HEADER as r,createAuth as n,createHandler as o,getSessionTokenFromRequest as s,toClientSession as t}from"../../chunk-H7HMOWU7.js";import"../../chunk-5KEP3AIT.js";import i from"process";function c(e){const r=l(e);r.development="development"===i.env.NODE_ENV,r.errorRedirect||(r.errorRedirect="/auth/error");const n=o(r),s=e=>n(e.request);return{GET:s,POST:s,OPTIONS:s}}function a(r){return async function(n){const{token:o}=s(n),t=Array.from(r.providerMap.keys());if(!o)return{...e,providers:t};try{const n=await r.validateSession(o);return n?{...n,providers:t}:{...e,providers:t}}catch{return{...e,providers:t}}}}function u(e,r){const n=a(l(r));return async r=>{const o=new URL(r.request.url);if("boolean"==typeof e?e:e.includes(o.pathname)){const e=await n(r.request),o=t(e);return r.locals.getSession=async()=>o,void(r.locals.getServerSession=async()=>e)}let s=null,i=null;r.locals.getServerSession=()=>s??=n(r.request),r.locals.getSession=()=>i??=r.locals.getServerSession().then(t)}}function l(e){return"providerMap"in e&&"signJWT"in e?e:n(e)}function p(e,n={}){const o=l(e);return async e=>{const s=await o.refreshSession(e.request,n);s&&("cookie"===s.source?e.response.headers.set("Set-Cookie",s.cookie):e.response.headers.set(r,s.token))}}export{r as REFRESHED_TOKEN_HEADER,c as SolidAuth,u as authMiddleware,a as createSolidStartGetServerSession,p as refreshMiddleware};//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions, GauServerSession, GauSession, ProviderIds, RefreshSessionOptions } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport process from 'node:process'\nimport { createAuth, createHandler, getSessionTokenFromRequest, NULL_SESSION, REFRESHED_TOKEN_HEADER, toClientSession } from '../core'\n\nexport { REFRESHED_TOKEN_HEADER }\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SolidStart.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...auth].ts\n * import { SolidAuth } from '@rttnd/gau/solid-start'\n * import { authOptions } from '~/server/auth'\n *\n * export const { GET, POST } = SolidAuth(authOptions)\n * ```\n */\nexport function SolidAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n const auth = resolveAuth(optionsOrAuth)\n\n auth.development = process.env.NODE_ENV === 'development'\n\n
|
|
1
|
+
{"version":3,"sources":["../../../src/solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions, GauServerSession, GauSession, ProviderIds, RefreshSessionOptions } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport process from 'node:process'\nimport { createAuth, createHandler, getSessionTokenFromRequest, NULL_SESSION, REFRESHED_TOKEN_HEADER, toClientSession } from '../core'\n\nexport { REFRESHED_TOKEN_HEADER }\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SolidStart.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...auth].ts\n * import { SolidAuth } from '@rttnd/gau/solid-start'\n * import { authOptions } from '~/server/auth'\n *\n * export const { GET, POST } = SolidAuth(authOptions)\n * ```\n */\nexport function SolidAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n const auth = resolveAuth(optionsOrAuth)\n\n auth.development = process.env.NODE_ENV === 'development'\n\n if (!auth.errorRedirect)\n auth.errorRedirect = '/auth/error'\n\n const handler = createHandler(auth)\n const solidHandler = (event: any) => handler(event.request)\n return {\n GET: solidHandler,\n POST: solidHandler,\n OPTIONS: solidHandler,\n }\n}\n\n/**\n * Creates a SolidStart-compatible getServerSession resolver to validate a session from a Request.\n * Returns full session data including access tokens - for server-side use only.\n * @internal\n */\nexport function createSolidStartGetServerSession<const TProviders extends OAuthProvider<any>[]>(auth: AuthInstance<TProviders>) {\n return async function getServerSessionFromRequest(\n request: Request,\n ): Promise<GauServerSession<ProviderIds<AuthInstance<TProviders>>>> {\n const { token: sessionToken } = getSessionTokenFromRequest(request)\n\n const providers = Array.from(auth.providerMap.keys()) as ProviderIds<AuthInstance<TProviders>>[]\n\n if (!sessionToken)\n return { ...NULL_SESSION, providers }\n\n try {\n const validated = await auth.validateSession(sessionToken)\n if (!validated)\n return { ...NULL_SESSION, providers }\n\n return { ...validated, providers }\n }\n catch {\n return { ...NULL_SESSION, providers }\n }\n }\n}\n\n/**\n * SolidStart middleware factory to attach `locals.getSession` and `locals.getServerSession`.\n *\n * - `getSession()` - Returns client-safe session (no tokens). Safe to serialize to browser.\n * - `getServerSession()` - Returns full session with access/refresh tokens. Server-only.\n *\n * @param pathsToPreLoad - Control eager vs lazy session loading:\n * - `true` - Preload session on all routes\n * - `false` - Lazy load (resolve on first `getSession()` call)\n * - `string[]` - Preload only on specific paths\n *\n * @example\n * ```ts\n * // middleware.ts\n * export default createMiddleware({\n * onRequest: [authMiddleware(true, auth)],\n * })\n */\nexport function authMiddleware<const TProviders extends OAuthProvider<any>[]>(\n pathsToPreLoad: string[] | boolean,\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n) {\n const auth = resolveAuth(optionsOrAuth)\n\n const getServerSessionFromRequest = createSolidStartGetServerSession(auth)\n\n return async (event: any) => {\n const url = new URL(event.request.url)\n const shouldPreload = typeof pathsToPreLoad === 'boolean'\n ? pathsToPreLoad\n : pathsToPreLoad.includes(url.pathname)\n\n if (shouldPreload) {\n const preloaded = await getServerSessionFromRequest(event.request)\n const clientSession = toClientSession(preloaded)\n event.locals.getSession = async () => clientSession\n event.locals.getServerSession = async () => preloaded\n return\n }\n\n let cachedServer: Promise<GauServerSession<ProviderIds<AuthInstance<TProviders>>>> | null = null\n let cachedClient: Promise<GauSession<ProviderIds<AuthInstance<TProviders>>>> | null = null\n\n event.locals.getServerSession = () => cachedServer ??= getServerSessionFromRequest(event.request)\n event.locals.getSession = () => cachedClient ??= event.locals.getServerSession().then(toClientSession)\n }\n}\n\nfunction resolveAuth<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n): AuthInstance<TProviders> {\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n return isInstance\n ? (optionsOrAuth as AuthInstance<TProviders>)\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n}\n\n/**\n * SolidStart middleware to automatically refresh sessions.\n * Sets the appropriate header based on how the token was provided:\n * - Cookie → Set-Cookie header\n * - Bearer token → X-Refreshed-Token header (for Tauri/mobile clients)\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { authMiddleware, refreshMiddleware } from '@rttnd/gau/solidstart'\n *\n * export default createMiddleware({\n * onRequest: [\n * authMiddleware(true, auth),\n * refreshMiddleware(auth, { threshold: 0.5 }),\n * ],\n * })\n * ```\n */\nexport function refreshMiddleware<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n options: RefreshSessionOptions = {},\n) {\n const auth = resolveAuth(optionsOrAuth)\n\n return async (event: any) => {\n const refreshed = await auth.refreshSession(event.request, options)\n\n if (refreshed) {\n if (refreshed.source === 'cookie')\n event.response.headers.set('Set-Cookie', refreshed.cookie)\n else\n event.response.headers.set(REFRESHED_TOKEN_HEADER, refreshed.token)\n }\n }\n}\n"],"mappings":";;;;;;;;;;;AAEA,OAAO,aAAa;AAmBb,SAAS,UAAyD,eAAyE;AAChJ,QAAM,OAAO,YAAY,aAAa;AAEtC,OAAK,cAAc,QAAQ,IAAI,aAAa;AAE5C,MAAI,CAAC,KAAK;AACR,SAAK,gBAAgB;AAEvB,QAAM,UAAU,cAAc,IAAI;AAClC,QAAM,eAAe,CAAC,UAAe,QAAQ,MAAM,OAAO;AAC1D,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,EACX;AACF;AAOO,SAAS,iCAAgF,MAAgC;AAC9H,SAAO,eAAe,4BACpB,SACkE;AAClE,UAAM,EAAE,OAAO,aAAa,IAAI,2BAA2B,OAAO;AAElE,UAAM,YAAY,MAAM,KAAK,KAAK,YAAY,KAAK,CAAC;AAEpD,QAAI,CAAC;AACH,aAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,gBAAgB,YAAY;AACzD,UAAI,CAAC;AACH,eAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,aAAO,EAAE,GAAG,WAAW,UAAU;AAAA,IACnC,QACM;AACJ,aAAO,EAAE,GAAG,cAAc,UAAU;AAAA,IACtC;AAAA,EACF;AACF;AAoBO,SAAS,eACd,gBACA,eACA;AACA,QAAM,OAAO,YAAY,aAAa;AAEtC,QAAM,8BAA8B,iCAAiC,IAAI;AAEzE,SAAO,OAAO,UAAe;AAC3B,UAAM,MAAM,IAAI,IAAI,MAAM,QAAQ,GAAG;AACrC,UAAM,gBAAgB,OAAO,mBAAmB,YAC5C,iBACA,eAAe,SAAS,IAAI,QAAQ;AAExC,QAAI,eAAe;AACjB,YAAM,YAAY,MAAM,4BAA4B,MAAM,OAAO;AACjE,YAAM,gBAAgB,gBAAgB,SAAS;AAC/C,YAAM,OAAO,aAAa,YAAY;AACtC,YAAM,OAAO,mBAAmB,YAAY;AAC5C;AAAA,IACF;AAEA,QAAI,eAAwF;AAC5F,QAAI,eAAkF;AAEtF,UAAM,OAAO,mBAAmB,MAAM,iBAAiB,4BAA4B,MAAM,OAAO;AAChG,UAAM,OAAO,aAAa,MAAM,iBAAiB,MAAM,OAAO,iBAAiB,EAAE,KAAK,eAAe;AAAA,EACvG;AACF;AAEA,SAAS,YACP,eAC0B;AAC1B,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAClE,SAAO,aACF,gBACD,WAAW,aAA8C;AAC/D;AAqBO,SAAS,kBACd,eACA,UAAiC,CAAC,GAClC;AACA,QAAM,OAAO,YAAY,aAAa;AAEtC,SAAO,OAAO,UAAe;AAC3B,UAAM,YAAY,MAAM,KAAK,eAAe,MAAM,SAAS,OAAO;AAElE,QAAI,WAAW;AACb,UAAI,UAAU,WAAW;AACvB,cAAM,SAAS,QAAQ,IAAI,cAAc,UAAU,MAAM;AAAA;AAEzD,cAAM,SAAS,QAAQ,IAAI,wBAAwB,UAAU,KAAK;AAAA,IACtE;AAAA,EACF;AACF;","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sveltekit/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAA6C,qBAAqB,EAAE,MAAM,SAAS,CAAA;AAClH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAAE,UAAU,EAA2D,sBAAsB,EAAmB,MAAM,SAAS,CAAA;AAEtI,OAAO,EAAE,sBAAsB,EAAE,CAAA;AAEjC,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;;EA+DnJ;AAWD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAC/E,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,EACvE,OAAO,GAAE,qBAA0B,GAClC,MAAM,CAiBR"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{NULL_SESSION as e,REFRESHED_TOKEN_HEADER as r,createAuth as t,createHandler as n,getSessionTokenFromRequest as o,toClientSession as s}from"../../chunk-
|
|
1
|
+
import{NULL_SESSION as e,REFRESHED_TOKEN_HEADER as r,createAuth as t,createHandler as n,getSessionTokenFromRequest as o,toClientSession as s}from"../../chunk-H7HMOWU7.js";import"../../chunk-5KEP3AIT.js";function i(r){const i="providerMap"in r&&"signJWT"in r?r:t(r);i.errorRedirect||(i.errorRedirect="/auth/error"),(async()=>{try{i.development=(await import("$app/environment")).dev}catch{i.development=!1}})();const a=n(i),c=e=>a(e.request);return{GET:c,POST:c,OPTIONS:c,handle:async({event:r,resolve:t})=>{let n=null,a=null;const c=()=>n??=(async()=>{const{token:t}=o(r.request),n=Array.from(i.providerMap.keys());if(!t)return{...e,providers:n};try{const r=await i.validateSession(t);return r?{...r,providers:n}:{...e,providers:n}}catch{return{...e,providers:n}}})();return r.locals.getServerSession=c,r.locals.getSession=()=>a??=c().then(s),t(r)}}}function a(e,n={}){const o=function(e){return"providerMap"in e&&"signJWT"in e?e:t(e)}(e);return async({event:e,resolve:t})=>{const s=await o.refreshSession(e.request,n),i=await t(e);return s&&("cookie"===s.source?i.headers.set("Set-Cookie",s.cookie):i.headers.set(r,s.token)),i}}export{r as REFRESHED_TOKEN_HEADER,i as SvelteKitAuth,a as createRefreshHandle};//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\nimport type { CreateAuthOptions, GauServerSession, GauSession, ProviderIds, RefreshSessionOptions } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport { createAuth, createHandler, getSessionTokenFromRequest, NULL_SESSION, REFRESHED_TOKEN_HEADER, toClientSession } from '../core'\n\nexport { REFRESHED_TOKEN_HEADER }\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SvelteKit.\n *\n * The returned `handle` hook attaches two methods to `event.locals`:\n * - `getSession()` - Returns client-safe session (no tokens). Safe to serialize to browser.\n * - `getServerSession()` - Returns full session with access/refresh tokens. Server-only.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...gau]/+server.ts\n * import { SvelteKitAuth } from '@rttnd/gau/sveltekit'\n * import { auth } from '$lib/server/auth'\n *\n * export const { GET, POST, handle } = SvelteKitAuth(auth)\n * ```\n */\nexport function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n // TODO: Duck-type to check if we have an instance or raw options\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n\n const auth = isInstance\n ? (optionsOrAuth as AuthInstance<TProviders>)\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n\n
|
|
1
|
+
{"version":3,"sources":["../../../src/sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\nimport type { CreateAuthOptions, GauServerSession, GauSession, ProviderIds, RefreshSessionOptions } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport { createAuth, createHandler, getSessionTokenFromRequest, NULL_SESSION, REFRESHED_TOKEN_HEADER, toClientSession } from '../core'\n\nexport { REFRESHED_TOKEN_HEADER }\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SvelteKit.\n *\n * The returned `handle` hook attaches two methods to `event.locals`:\n * - `getSession()` - Returns client-safe session (no tokens). Safe to serialize to browser.\n * - `getServerSession()` - Returns full session with access/refresh tokens. Server-only.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...gau]/+server.ts\n * import { SvelteKitAuth } from '@rttnd/gau/sveltekit'\n * import { auth } from '$lib/server/auth'\n *\n * export const { GET, POST, handle } = SvelteKitAuth(auth)\n * ```\n */\nexport function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n // TODO: Duck-type to check if we have an instance or raw options\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n\n const auth = isInstance\n ? (optionsOrAuth as AuthInstance<TProviders>)\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n\n if (!auth.errorRedirect)\n auth.errorRedirect = '/auth/error'\n\n void (async () => {\n try {\n auth.development = (await import('$app/environment')).dev\n }\n catch {\n auth.development = false\n }\n })()\n\n const handler = createHandler(auth)\n const sveltekitHandler = (event: RequestEvent) => handler(event.request)\n\n const handle: Handle = async ({ event, resolve }) => {\n let cachedServer: Promise<GauServerSession<ProviderIds<AuthInstance<TProviders>>>> | null = null\n let cachedClient: Promise<GauSession<ProviderIds<AuthInstance<TProviders>>>> | null = null\n\n const getServerSession = (): Promise<GauServerSession<ProviderIds<AuthInstance<TProviders>>>> => {\n return cachedServer ??= (async () => {\n const { token: sessionToken } = getSessionTokenFromRequest(event.request)\n\n const providers = Array.from(auth.providerMap.keys()) as ProviderIds<AuthInstance<TProviders>>[]\n\n if (!sessionToken)\n return { ...NULL_SESSION, providers }\n\n try {\n const validated = await auth.validateSession(sessionToken)\n if (!validated)\n return { ...NULL_SESSION, providers }\n\n return { ...validated, providers }\n }\n catch {\n return { ...NULL_SESSION, providers }\n }\n })()\n };\n\n (event.locals as any).getServerSession = getServerSession;\n (event.locals as any).getSession = (): Promise<GauSession<ProviderIds<AuthInstance<TProviders>>>> => {\n return cachedClient ??= getServerSession().then(toClientSession)\n }\n\n return resolve(event)\n }\n\n return {\n GET: sveltekitHandler,\n POST: sveltekitHandler,\n OPTIONS: sveltekitHandler,\n handle,\n }\n}\n\nfunction resolveAuth<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n): AuthInstance<TProviders> {\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n return isInstance\n ? (optionsOrAuth as AuthInstance<TProviders>)\n : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n}\n\n/**\n * Creates a SvelteKit handle that automatically refreshes sessions.\n * Sets the appropriate header based on how the token was provided:\n * - Cookie → Set-Cookie header\n * - Bearer token → X-Refreshed-Token header (for Tauri/mobile clients)\n *\n * @example\n * ```ts\n * // hooks.server.ts\n * import { sequence } from '@sveltejs/kit/hooks'\n * import { handle as authHandle } from './routes/api/auth/[...gau]/+server'\n * import { createRefreshHandle } from '@rttnd/gau/sveltekit'\n * import { auth } from '$lib/server/auth'\n *\n * export const handle = sequence(authHandle, createRefreshHandle(auth, { threshold: 0.5 }))\n * ```\n */\nexport function createRefreshHandle<const TProviders extends OAuthProvider<any>[]>(\n optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>,\n options: RefreshSessionOptions = {},\n): Handle {\n const auth = resolveAuth(optionsOrAuth)\n\n return async ({ event, resolve }) => {\n const refreshed = await auth.refreshSession(event.request, options)\n\n const response = await resolve(event)\n\n if (refreshed) {\n if (refreshed.source === 'cookie')\n response.headers.set('Set-Cookie', refreshed.cookie)\n else\n response.headers.set(REFRESHED_TOKEN_HEADER, refreshed.token)\n }\n\n return response\n }\n}\n"],"mappings":";;;;;;;;;;;AAyBO,SAAS,cAA6D,eAAyE;AAEpJ,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAElE,QAAM,OAAO,aACR,gBACD,WAAW,aAA8C;AAE7D,MAAI,CAAC,KAAK;AACR,SAAK,gBAAgB;AAEvB,QAAM,YAAY;AAChB,QAAI;AACF,WAAK,eAAe,MAAM,OAAO,kBAAkB,GAAG;AAAA,IACxD,QACM;AACJ,WAAK,cAAc;AAAA,IACrB;AAAA,EACF,GAAG;AAEH,QAAM,UAAU,cAAc,IAAI;AAClC,QAAM,mBAAmB,CAAC,UAAwB,QAAQ,MAAM,OAAO;AAEvE,QAAM,SAAiB,OAAO,EAAE,OAAO,QAAQ,MAAM;AACnD,QAAI,eAAwF;AAC5F,QAAI,eAAkF;AAEtF,UAAM,mBAAmB,MAAwE;AAC/F,aAAO,kBAAkB,YAAY;AACnC,cAAM,EAAE,OAAO,aAAa,IAAI,2BAA2B,MAAM,OAAO;AAExE,cAAM,YAAY,MAAM,KAAK,KAAK,YAAY,KAAK,CAAC;AAEpD,YAAI,CAAC;AACH,iBAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,YAAI;AACF,gBAAM,YAAY,MAAM,KAAK,gBAAgB,YAAY;AACzD,cAAI,CAAC;AACH,mBAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,iBAAO,EAAE,GAAG,WAAW,UAAU;AAAA,QACnC,QACM;AACJ,iBAAO,EAAE,GAAG,cAAc,UAAU;AAAA,QACtC;AAAA,MACF,GAAG;AAAA,IACL;AAEA,IAAC,MAAM,OAAe,mBAAmB;AACzC,IAAC,MAAM,OAAe,aAAa,MAAkE;AACnG,aAAO,iBAAiB,iBAAiB,EAAE,KAAK,eAAe;AAAA,IACjE;AAEA,WAAO,QAAQ,KAAK;AAAA,EACtB;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAEA,SAAS,YACP,eAC0B;AAC1B,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAClE,SAAO,aACF,gBACD,WAAW,aAA8C;AAC/D;AAmBO,SAAS,oBACd,eACA,UAAiC,CAAC,GAC1B;AACR,QAAM,OAAO,YAAY,aAAa;AAEtC,SAAO,OAAO,EAAE,OAAO,QAAQ,MAAM;AACnC,UAAM,YAAY,MAAM,KAAK,eAAe,MAAM,SAAS,OAAO;AAElE,UAAM,WAAW,MAAM,QAAQ,KAAK;AAEpC,QAAI,WAAW;AACb,UAAI,UAAU,WAAW;AACvB,iBAAS,QAAQ,IAAI,cAAc,UAAU,MAAM;AAAA;AAEnD,iBAAS,QAAQ,IAAI,wBAAwB,UAAU,KAAK;AAAA,IAChE;AAEA,WAAO;AAAA,EACT;AACF;","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{htmlResponse as o,renderCancelledPage as r,renderErrorPage as m,renderSuccessPage as p}from"./chunk-5KEP3AIT.js";export{o as htmlResponse,r as renderCancelledPage,m as renderErrorPage,p as renderSuccessPage};//# sourceMappingURL=templates-WVHIDNMP.js.map
|
package/package.json
CHANGED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/core/templates.ts"],"sourcesContent":["/**\n * HTML templates for gau error and success pages.\n * Used for user-facing OAuth flow responses.\n */\n\n/** Shared CSS styles for all gau pages */\nconst baseStyles = `\n body {\n font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, \"Helvetica Neue\", Arial, \"Noto Sans\", sans-serif, \"Apple Color Emoji\", \"Segoe UI Emoji\", \"Segoe UI Symbol\", \"Noto Color Emoji\";\n background-color: #09090b;\n color: #fafafa;\n display: flex;\n justify-content: center;\n align-items: center;\n height: 100vh;\n margin: 0;\n text-align: center;\n }\n .card {\n background-color: #18181b;\n border: 1px solid #27272a;\n border-radius: 0.75rem;\n padding: 2rem;\n max-width: 320px;\n }\n h1 {\n font-size: 1.25rem;\n font-weight: 600;\n margin: 0 0 0.5rem;\n }\n p {\n margin: 0;\n color: #a1a1aa;\n }\n .error-code {\n font-family: ui-monospace, monospace;\n font-size: 0.75rem;\n color: #71717a;\n margin-top: 0.5rem;\n }\n a {\n display: inline-block;\n margin-top: 1rem;\n color: #3b82f6;\n text-decoration: none;\n }\n a:hover {\n text-decoration: underline;\n }\n`\n\nexport interface ErrorPageOptions {\n /** Error title (default: \"Authentication Error\") */\n title?: string\n /** Error message to display */\n message: string\n /** Error code to display */\n code?: string\n /** URL to redirect to (shown as \"Go back\" link, also used for auto-redirect) */\n redirectUrl?: string\n /** Auto-redirect after showing error (default: true if redirectUrl provided) */\n autoRedirect?: boolean\n /** Delay before auto-redirect in ms (default: 3000) */\n redirectDelay?: number\n /** Attempt to close the window after redirect (for OAuth popups) */\n autoClose?: boolean\n}\n\n/**\n * Render a styled error page.\n * Used for user-facing OAuth flow errors.\n */\nexport function renderErrorPage(options: ErrorPageOptions): string {\n const {\n title = 'Authentication Error',\n message,\n code,\n redirectUrl,\n autoRedirect = !!redirectUrl,\n redirectDelay = 3000,\n autoClose = true,\n } = options\n\n const redirectScript = redirectUrl && autoRedirect\n ? `\n window.onload = function() {\n setTimeout(function() {\n window.location.href = ${JSON.stringify(redirectUrl)};\n ${autoClose ? 'setTimeout(window.close, 500);' : ''}\n }, ${redirectDelay});\n };\n `\n : ''\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\" />\n <title>${escapeHtml(title)}</title>\n <style>${baseStyles}</style>\n ${redirectScript ? `<script>${redirectScript}</script>` : ''}\n</head>\n<body>\n <div class=\"card\">\n <h1>${escapeHtml(title)}</h1>\n <p>${escapeHtml(message)}</p>\n ${code ? `<p class=\"error-code\">${escapeHtml(code)}</p>` : ''}\n ${redirectUrl ? `<a href=\"${escapeHtml(redirectUrl)}\">Go back</a>` : ''}\n </div>\n</body>\n</html>`\n}\n\nexport interface SuccessPageOptions {\n /** Success title (default: \"Authentication Successful\") */\n title?: string\n /** Success message to display */\n message?: string\n /** URL to redirect to */\n redirectUrl: string\n /** Attempt to close the window after redirect (for OAuth popups) */\n autoClose?: boolean\n}\n\n/**\n * Render a styled success page.\n * Used for OAuth completion (e.g., Tauri deep-link handoff).\n */\nexport function renderSuccessPage(options: SuccessPageOptions): string {\n const {\n title = 'Authentication Successful',\n message = 'You can now close this window.',\n redirectUrl,\n autoClose = true,\n } = options\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\" />\n <title>${escapeHtml(title)}</title>\n <style>${baseStyles}</style>\n <script>\n window.onload = function() {\n const url = ${JSON.stringify(redirectUrl)};\n window.location.href = url;\n ${autoClose ? 'setTimeout(window.close, 500);' : ''}\n };\n </script>\n</head>\n<body>\n <div class=\"card\">\n <h1>${escapeHtml(title)}</h1>\n <p>${escapeHtml(message)}</p>\n </div>\n</body>\n</html>`\n}\n\nexport interface CancelledPageOptions {\n /** Title (default: \"Authentication Cancelled\") */\n title?: string\n /** Message to display */\n message?: string\n /** URL to redirect to */\n redirectUrl?: string\n /** Attempt to close the window after redirect (for OAuth popups) */\n autoClose?: boolean\n}\n\n/**\n * Render a styled cancellation page.\n * Used when user cancels OAuth flow.\n */\nexport function renderCancelledPage(options: CancelledPageOptions = {}): string {\n const {\n title = 'Authentication Cancelled',\n message = 'Redirecting you back to the app...',\n redirectUrl = '/',\n autoClose = true,\n } = options\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\" />\n <title>${escapeHtml(title)}</title>\n <style>${baseStyles}</style>\n <script>\n window.onload = function() {\n const url = ${JSON.stringify(redirectUrl)};\n window.location.href = url;\n ${autoClose ? 'setTimeout(window.close, 500);' : ''}\n };\n </script>\n</head>\n<body>\n <div class=\"card\">\n <h1>${escapeHtml(title)}</h1>\n <p>${escapeHtml(message)}</p>\n </div>\n</body>\n</html>`\n}\n\n/**\n * Create an HTML Response with proper headers.\n */\nexport function htmlResponse(html: string, status = 200): Response {\n return new Response(html, {\n status,\n headers: { 'Content-Type': 'text/html; charset=utf-8' },\n })\n}\n\n/**\n * Escape HTML special characters to prevent XSS.\n */\nfunction escapeHtml(str: string): string {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''')\n}\n"],"mappings":";AAMA,IAAM,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkEZ,SAAS,gBAAgB,SAAmC;AACjE,QAAM;AAAA,IACJ,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe,CAAC,CAAC;AAAA,IACjB,gBAAgB;AAAA,IAChB,YAAY;AAAA,EACd,IAAI;AAEJ,QAAM,iBAAiB,eAAe,eAClC;AAAA;AAAA;AAAA,iCAG2B,KAAK,UAAU,WAAW,CAAC;AAAA,UAClD,YAAY,mCAAmC,EAAE;AAAA,WAChD,aAAa;AAAA;AAAA,QAGlB;AAEJ,SAAO;AAAA;AAAA;AAAA;AAAA,WAIE,WAAW,KAAK,CAAC;AAAA,WACjB,UAAU;AAAA,IACjB,iBAAiB,WAAW,cAAc,cAAc,EAAE;AAAA;AAAA;AAAA;AAAA,UAIpD,WAAW,KAAK,CAAC;AAAA,SAClB,WAAW,OAAO,CAAC;AAAA,MACtB,OAAO,yBAAyB,WAAW,IAAI,CAAC,SAAS,EAAE;AAAA,MAC3D,cAAc,YAAY,WAAW,WAAW,CAAC,kBAAkB,EAAE;AAAA;AAAA;AAAA;AAI3E;AAiBO,SAAS,kBAAkB,SAAqC;AACrE,QAAM;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV;AAAA,IACA,YAAY;AAAA,EACd,IAAI;AAEJ,SAAO;AAAA;AAAA;AAAA;AAAA,WAIE,WAAW,KAAK,CAAC;AAAA,WACjB,UAAU;AAAA;AAAA;AAAA,oBAGD,KAAK,UAAU,WAAW,CAAC;AAAA;AAAA,QAEvC,YAAY,mCAAmC,EAAE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAM/C,WAAW,KAAK,CAAC;AAAA,SAClB,WAAW,OAAO,CAAC;AAAA;AAAA;AAAA;AAI5B;AAiBO,SAAS,oBAAoB,UAAgC,CAAC,GAAW;AAC9E,QAAM;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,cAAc;AAAA,IACd,YAAY;AAAA,EACd,IAAI;AAEJ,SAAO;AAAA;AAAA;AAAA;AAAA,WAIE,WAAW,KAAK,CAAC;AAAA,WACjB,UAAU;AAAA;AAAA;AAAA,oBAGD,KAAK,UAAU,WAAW,CAAC;AAAA;AAAA,QAEvC,YAAY,mCAAmC,EAAE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAM/C,WAAW,KAAK,CAAC;AAAA,SAClB,WAAW,OAAO,CAAC;AAAA;AAAA;AAAA;AAI5B;AAKO,SAAS,aAAa,MAAc,SAAS,KAAe;AACjE,SAAO,IAAI,SAAS,MAAM;AAAA,IACxB;AAAA,IACA,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,EACxD,CAAC;AACH;AAKA,SAAS,WAAW,KAAqB;AACvC,SAAO,IACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,QAAQ;AAC3B;","names":[]}
|