@silicajs/auth 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.js +3 -1
  2. package/dist/index.js.map +1 -1
  3. package/package.json +2 -2
package/dist/index.js CHANGED
@@ -6,7 +6,9 @@ import { APIError, createAuthMiddleware } from "better-auth/api";
6
6
  function isEmailAllowed(email, config) {
7
7
  if (!email) return false;
8
8
  const normalized = email.trim().toLowerCase();
9
- const allowedEmails = new Set((config.allowedEmails ?? []).map((item) => item.trim().toLowerCase()));
9
+ const allowedEmails = new Set(
10
+ (config.allowedEmails ?? []).map((item) => item.trim().toLowerCase())
11
+ );
10
12
  if (allowedEmails.has(normalized)) return true;
11
13
  return (config.allowedDomains ?? []).some((domain) => {
12
14
  const normalizedDomain = domain.trim().replace(/^@/, "").toLowerCase();
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/allowlist.ts","../src/session.ts"],"sourcesContent":["import { betterAuth } from \"better-auth\";\nimport { APIError, createAuthMiddleware } from \"better-auth/api\";\nimport type { AllowlistConfig } from \"./allowlist.js\";\nimport { hasAllowlist, isEmailAllowed } from \"./allowlist.js\";\n\nexport type SilicaAuthOptions = AllowlistConfig & {\n baseURL?: string;\n secret?: string;\n googleClientId?: string;\n googleClientSecret?: string;\n};\n\nexport function silicaAuth(options: SilicaAuthOptions = {}) {\n const allowlist = {\n allowedDomains: options.allowedDomains ?? [],\n allowedEmails: options.allowedEmails ?? [],\n };\n\n return betterAuth({\n baseURL: options.baseURL ?? process.env.BETTER_AUTH_URL,\n secret: options.secret ?? process.env.BETTER_AUTH_SECRET,\n socialProviders: {\n google: {\n clientId: options.googleClientId ?? process.env.GOOGLE_CLIENT_ID ?? \"\",\n clientSecret: options.googleClientSecret ?? process.env.GOOGLE_CLIENT_SECRET ?? \"\",\n },\n },\n session: {\n cookieCache: {\n enabled: true,\n maxAge: 7 * 24 * 60 * 60,\n strategy: \"jwe\",\n refreshCache: true,\n },\n },\n account: {\n storeAccountCookie: true,\n storeStateStrategy: \"cookie\",\n accountLinking: {\n enabled: false,\n },\n },\n hooks: {\n after: createAuthMiddleware(async (ctx) => {\n if (!ctx.path.includes(\"/callback/\")) return;\n if (!hasAllowlist(allowlist)) return;\n\n const email = ctx.context.newSession?.user.email ?? \"\";\n if (!isEmailAllowed(email, allowlist)) {\n throw new APIError(\"FORBIDDEN\", {\n message: \"Email is not allowed to access this Silica site.\",\n redirectTo: \"/not-allowed\",\n });\n }\n }),\n },\n });\n}\n\nexport { hasAllowlist, isEmailAllowed };\nexport { getSilicaSession, hasSilicaSessionCookie, isSilicaRequestAllowed } from \"./session.js\";\nexport type { AllowlistConfig };\nexport type { SilicaSession, SilicaSessionOptions } from \"./session.js\";\n","export type AllowlistConfig = {\n allowedEmails?: string[];\n allowedDomains?: string[];\n};\n\nexport function isEmailAllowed(email: string | undefined | null, config: AllowlistConfig): boolean {\n if (!email) return false;\n const normalized = email.trim().toLowerCase();\n const allowedEmails = new Set((config.allowedEmails ?? []).map((item) => item.trim().toLowerCase()));\n if (allowedEmails.has(normalized)) return true;\n\n return (config.allowedDomains ?? []).some((domain) => {\n const normalizedDomain = domain.trim().replace(/^@/, \"\").toLowerCase();\n return normalized.endsWith(`@${normalizedDomain}`);\n });\n}\n\nexport function hasAllowlist(config: AllowlistConfig): boolean {\n return Boolean(config.allowedEmails?.length || config.allowedDomains?.length);\n}\n","import { getCookieCache, getSessionCookie } from \"better-auth/cookies\";\nimport type { Session, User } from \"better-auth\";\nimport type { AllowlistConfig } from \"./allowlist.js\";\nimport { hasAllowlist, isEmailAllowed } from \"./allowlist.js\";\n\nexport type SilicaSession = {\n session: Session & Record<string, unknown>;\n user: User & Record<string, unknown>;\n updatedAt: number;\n version?: string;\n};\n\nexport type SilicaSessionOptions = AllowlistConfig & {\n secret?: string;\n strategy?: \"compact\" | \"jwt\" | \"jwe\";\n};\n\nexport async function getSilicaSession(request: Request | Headers, options: SilicaSessionOptions = {}): Promise<SilicaSession | null> {\n try {\n return await getCookieCache<SilicaSession>(request, {\n secret: options.secret ?? process.env.BETTER_AUTH_SECRET,\n strategy: options.strategy ?? \"jwe\",\n });\n } catch {\n return null;\n }\n}\n\nexport function hasSilicaSessionCookie(request: Request | Headers): boolean {\n return Boolean(getSessionCookie(request));\n}\n\nexport async function isSilicaRequestAllowed(request: Request | Headers, options: SilicaSessionOptions = {}): Promise<boolean> {\n const session = await getSilicaSession(request, options);\n if (!session) return false;\n if (!hasAllowlist(options)) return true;\n return isEmailAllowed(session.user.email, options);\n}\n"],"mappings":";AAAA,SAAS,kBAAkB;AAC3B,SAAS,UAAU,4BAA4B;;;ACIxC,SAAS,eAAe,OAAkC,QAAkC;AACjG,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAC5C,QAAM,gBAAgB,IAAI,KAAK,OAAO,iBAAiB,CAAC,GAAG,IAAI,CAAC,SAAS,KAAK,KAAK,EAAE,YAAY,CAAC,CAAC;AACnG,MAAI,cAAc,IAAI,UAAU,EAAG,QAAO;AAE1C,UAAQ,OAAO,kBAAkB,CAAC,GAAG,KAAK,CAAC,WAAW;AACpD,UAAM,mBAAmB,OAAO,KAAK,EAAE,QAAQ,MAAM,EAAE,EAAE,YAAY;AACrE,WAAO,WAAW,SAAS,IAAI,gBAAgB,EAAE;AAAA,EACnD,CAAC;AACH;AAEO,SAAS,aAAa,QAAkC;AAC7D,SAAO,QAAQ,OAAO,eAAe,UAAU,OAAO,gBAAgB,MAAM;AAC9E;;;ACnBA,SAAS,gBAAgB,wBAAwB;AAiBjD,eAAsB,iBAAiB,SAA4B,UAAgC,CAAC,GAAkC;AACpI,MAAI;AACF,WAAO,MAAM,eAA8B,SAAS;AAAA,MAClD,QAAQ,QAAQ,UAAU,QAAQ,IAAI;AAAA,MACtC,UAAU,QAAQ,YAAY;AAAA,IAChC,CAAC;AAAA,EACH,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,uBAAuB,SAAqC;AAC1E,SAAO,QAAQ,iBAAiB,OAAO,CAAC;AAC1C;AAEA,eAAsB,uBAAuB,SAA4B,UAAgC,CAAC,GAAqB;AAC7H,QAAM,UAAU,MAAM,iBAAiB,SAAS,OAAO;AACvD,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,CAAC,aAAa,OAAO,EAAG,QAAO;AACnC,SAAO,eAAe,QAAQ,KAAK,OAAO,OAAO;AACnD;;;AFzBO,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,YAAY;AAAA,IAChB,gBAAgB,QAAQ,kBAAkB,CAAC;AAAA,IAC3C,eAAe,QAAQ,iBAAiB,CAAC;AAAA,EAC3C;AAEA,SAAO,WAAW;AAAA,IAChB,SAAS,QAAQ,WAAW,QAAQ,IAAI;AAAA,IACxC,QAAQ,QAAQ,UAAU,QAAQ,IAAI;AAAA,IACtC,iBAAiB;AAAA,MACf,QAAQ;AAAA,QACN,UAAU,QAAQ,kBAAkB,QAAQ,IAAI,oBAAoB;AAAA,QACpE,cAAc,QAAQ,sBAAsB,QAAQ,IAAI,wBAAwB;AAAA,MAClF;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,aAAa;AAAA,QACX,SAAS;AAAA,QACT,QAAQ,IAAI,KAAK,KAAK;AAAA,QACtB,UAAU;AAAA,QACV,cAAc;AAAA,MAChB;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,gBAAgB;AAAA,QACd,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,OAAO;AAAA,MACL,OAAO,qBAAqB,OAAO,QAAQ;AACzC,YAAI,CAAC,IAAI,KAAK,SAAS,YAAY,EAAG;AACtC,YAAI,CAAC,aAAa,SAAS,EAAG;AAE9B,cAAM,QAAQ,IAAI,QAAQ,YAAY,KAAK,SAAS;AACpD,YAAI,CAAC,eAAe,OAAO,SAAS,GAAG;AACrC,gBAAM,IAAI,SAAS,aAAa;AAAA,YAC9B,SAAS;AAAA,YACT,YAAY;AAAA,UACd,CAAC;AAAA,QACH;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AACH;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts","../src/allowlist.ts","../src/session.ts"],"sourcesContent":["import { betterAuth } from \"better-auth\";\nimport { APIError, createAuthMiddleware } from \"better-auth/api\";\nimport type { AllowlistConfig } from \"./allowlist.js\";\nimport { hasAllowlist, isEmailAllowed } from \"./allowlist.js\";\n\nexport type SilicaAuthOptions = AllowlistConfig & {\n baseURL?: string;\n secret?: string;\n googleClientId?: string;\n googleClientSecret?: string;\n};\n\nexport function silicaAuth(options: SilicaAuthOptions = {}) {\n const allowlist = {\n allowedDomains: options.allowedDomains ?? [],\n allowedEmails: options.allowedEmails ?? [],\n };\n\n return betterAuth({\n baseURL: options.baseURL ?? process.env.BETTER_AUTH_URL,\n secret: options.secret ?? process.env.BETTER_AUTH_SECRET,\n socialProviders: {\n google: {\n clientId: options.googleClientId ?? process.env.GOOGLE_CLIENT_ID ?? \"\",\n clientSecret:\n options.googleClientSecret ?? process.env.GOOGLE_CLIENT_SECRET ?? \"\",\n },\n },\n session: {\n cookieCache: {\n enabled: true,\n maxAge: 7 * 24 * 60 * 60,\n strategy: \"jwe\",\n refreshCache: true,\n },\n },\n account: {\n storeAccountCookie: true,\n storeStateStrategy: \"cookie\",\n accountLinking: {\n enabled: false,\n },\n },\n hooks: {\n after: createAuthMiddleware(async (ctx) => {\n if (!ctx.path.includes(\"/callback/\")) return;\n if (!hasAllowlist(allowlist)) return;\n\n const email = ctx.context.newSession?.user.email ?? \"\";\n if (!isEmailAllowed(email, allowlist)) {\n throw new APIError(\"FORBIDDEN\", {\n message: \"Email is not allowed to access this Silica site.\",\n redirectTo: \"/not-allowed\",\n });\n }\n }),\n },\n });\n}\n\nexport { hasAllowlist, isEmailAllowed };\nexport {\n getSilicaSession,\n hasSilicaSessionCookie,\n isSilicaRequestAllowed,\n} from \"./session.js\";\nexport type { AllowlistConfig };\nexport type { SilicaSession, SilicaSessionOptions } from \"./session.js\";\n","export type AllowlistConfig = {\n allowedEmails?: string[];\n allowedDomains?: string[];\n};\n\nexport function isEmailAllowed(\n email: string | undefined | null,\n config: AllowlistConfig,\n): boolean {\n if (!email) return false;\n const normalized = email.trim().toLowerCase();\n const allowedEmails = new Set(\n (config.allowedEmails ?? []).map((item) => item.trim().toLowerCase()),\n );\n if (allowedEmails.has(normalized)) return true;\n\n return (config.allowedDomains ?? []).some((domain) => {\n const normalizedDomain = domain.trim().replace(/^@/, \"\").toLowerCase();\n return normalized.endsWith(`@${normalizedDomain}`);\n });\n}\n\nexport function hasAllowlist(config: AllowlistConfig): boolean {\n return Boolean(config.allowedEmails?.length || config.allowedDomains?.length);\n}\n","import { getCookieCache, getSessionCookie } from \"better-auth/cookies\";\nimport type { Session, User } from \"better-auth\";\nimport type { AllowlistConfig } from \"./allowlist.js\";\nimport { hasAllowlist, isEmailAllowed } from \"./allowlist.js\";\n\nexport type SilicaSession = {\n session: Session & Record<string, unknown>;\n user: User & Record<string, unknown>;\n updatedAt: number;\n version?: string;\n};\n\nexport type SilicaSessionOptions = AllowlistConfig & {\n secret?: string;\n strategy?: \"compact\" | \"jwt\" | \"jwe\";\n};\n\nexport async function getSilicaSession(\n request: Request | Headers,\n options: SilicaSessionOptions = {},\n): Promise<SilicaSession | null> {\n try {\n return await getCookieCache<SilicaSession>(request, {\n secret: options.secret ?? process.env.BETTER_AUTH_SECRET,\n strategy: options.strategy ?? \"jwe\",\n });\n } catch {\n return null;\n }\n}\n\nexport function hasSilicaSessionCookie(request: Request | Headers): boolean {\n return Boolean(getSessionCookie(request));\n}\n\nexport async function isSilicaRequestAllowed(\n request: Request | Headers,\n options: SilicaSessionOptions = {},\n): Promise<boolean> {\n const session = await getSilicaSession(request, options);\n if (!session) return false;\n if (!hasAllowlist(options)) return true;\n return isEmailAllowed(session.user.email, options);\n}\n"],"mappings":";AAAA,SAAS,kBAAkB;AAC3B,SAAS,UAAU,4BAA4B;;;ACIxC,SAAS,eACd,OACA,QACS;AACT,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAC5C,QAAM,gBAAgB,IAAI;AAAA,KACvB,OAAO,iBAAiB,CAAC,GAAG,IAAI,CAAC,SAAS,KAAK,KAAK,EAAE,YAAY,CAAC;AAAA,EACtE;AACA,MAAI,cAAc,IAAI,UAAU,EAAG,QAAO;AAE1C,UAAQ,OAAO,kBAAkB,CAAC,GAAG,KAAK,CAAC,WAAW;AACpD,UAAM,mBAAmB,OAAO,KAAK,EAAE,QAAQ,MAAM,EAAE,EAAE,YAAY;AACrE,WAAO,WAAW,SAAS,IAAI,gBAAgB,EAAE;AAAA,EACnD,CAAC;AACH;AAEO,SAAS,aAAa,QAAkC;AAC7D,SAAO,QAAQ,OAAO,eAAe,UAAU,OAAO,gBAAgB,MAAM;AAC9E;;;ACxBA,SAAS,gBAAgB,wBAAwB;AAiBjD,eAAsB,iBACpB,SACA,UAAgC,CAAC,GACF;AAC/B,MAAI;AACF,WAAO,MAAM,eAA8B,SAAS;AAAA,MAClD,QAAQ,QAAQ,UAAU,QAAQ,IAAI;AAAA,MACtC,UAAU,QAAQ,YAAY;AAAA,IAChC,CAAC;AAAA,EACH,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,uBAAuB,SAAqC;AAC1E,SAAO,QAAQ,iBAAiB,OAAO,CAAC;AAC1C;AAEA,eAAsB,uBACpB,SACA,UAAgC,CAAC,GACf;AAClB,QAAM,UAAU,MAAM,iBAAiB,SAAS,OAAO;AACvD,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,CAAC,aAAa,OAAO,EAAG,QAAO;AACnC,SAAO,eAAe,QAAQ,KAAK,OAAO,OAAO;AACnD;;;AF/BO,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,YAAY;AAAA,IAChB,gBAAgB,QAAQ,kBAAkB,CAAC;AAAA,IAC3C,eAAe,QAAQ,iBAAiB,CAAC;AAAA,EAC3C;AAEA,SAAO,WAAW;AAAA,IAChB,SAAS,QAAQ,WAAW,QAAQ,IAAI;AAAA,IACxC,QAAQ,QAAQ,UAAU,QAAQ,IAAI;AAAA,IACtC,iBAAiB;AAAA,MACf,QAAQ;AAAA,QACN,UAAU,QAAQ,kBAAkB,QAAQ,IAAI,oBAAoB;AAAA,QACpE,cACE,QAAQ,sBAAsB,QAAQ,IAAI,wBAAwB;AAAA,MACtE;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,aAAa;AAAA,QACX,SAAS;AAAA,QACT,QAAQ,IAAI,KAAK,KAAK;AAAA,QACtB,UAAU;AAAA,QACV,cAAc;AAAA,MAChB;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,gBAAgB;AAAA,QACd,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IACA,OAAO;AAAA,MACL,OAAO,qBAAqB,OAAO,QAAQ;AACzC,YAAI,CAAC,IAAI,KAAK,SAAS,YAAY,EAAG;AACtC,YAAI,CAAC,aAAa,SAAS,EAAG;AAE9B,cAAM,QAAQ,IAAI,QAAQ,YAAY,KAAK,SAAS;AACpD,YAAI,CAAC,eAAe,OAAO,SAAS,GAAG;AACrC,gBAAM,IAAI,SAAS,aAAa;AAAA,YAC9B,SAAS;AAAA,YACT,YAAY;AAAA,UACd,CAAC;AAAA,QACH;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF,CAAC;AACH;","names":[]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@silicajs/auth",
3
- "version": "0.1.1",
3
+ "version": "0.1.3",
4
4
  "description": "Better Auth wrapper and allowlist helpers for Silica.",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -23,7 +23,7 @@
23
23
  "lint": "tsc --noEmit"
24
24
  },
25
25
  "dependencies": {
26
- "better-auth": "1.6.11"
26
+ "better-auth": "1.6.19"
27
27
  },
28
28
  "homepage": "https://github.com/agdevhq/silica/tree/main/packages/auth#readme",
29
29
  "repository": {