@soulcraft/sdk 2.4.1 → 2.5.0

package/dist/modules/auth/sveltekit.d.ts

@@ -0,0 +1,208 @@
+/**
+ * @module modules/auth/sveltekit
+ * @description Opinionated SvelteKit auth integration for Soulcraft products.
+ *
+ * `createSoulcraftAuth()` returns everything a SvelteKit product needs for auth:
+ * a `Handle` hook, a backchannel-logout request handler, and a logout request handler.
+ * One function, zero choices.
+ *
+ * ## What it does
+ *
+ * - **Session resolution** — reads the IdP cross-domain cookie, verifies via
+ *   `createRemoteSessionVerifier` (30s LRU cache) in production or
+ *   `createDevCookieVerifier` in dev mode
+ * - **Stale cookie recovery** — detects "cookie present but session null" and
+ *   clears the stale cookie via `Set-Cookie: Max-Age=0`, breaking redirect loops
+ * - **CSRF bypass** — rewrites the `origin` header for `POST /api/auth/backchannel-logout`
+ *   so SvelteKit's built-in CSRF check doesn't block server-to-server IdP calls
+ * - **User enrichment** — optional `enrichUser` callback for product-specific
+ *   role resolution (e.g. Venue staff lookup, Portal admin check)
+ * - **Backchannel logout** — verifies the HS256 JWT logout token from the IdP
+ * - **Logout** — clears local cookies and returns the IdP end-session URL
+ *
+ * ## Usage
+ *
+ * ```typescript
+ * // hooks.server.ts
+ * import { createSoulcraftAuth } from '@soulcraft/sdk/server'
+ *
+ * const auth = createSoulcraftAuth({ product: 'venue' })
+ * export const handle = auth.handle
+ *
+ * // routes/api/auth/backchannel-logout/+server.ts
+ * export const POST = auth.backchannelHandler
+ *
+ * // routes/api/auth/logout/+server.ts
+ * export const POST = auth.logoutHandler
+ * ```
+ *
+ * @example With user enrichment (Venue staff role)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await lookupStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+import type { SessionVerifier } from './middleware.js';
+import type { SoulcraftSessionUser } from './types.js';
+/**
+ * Minimal SvelteKit RequestEvent shape. Structurally compatible with
+ * `@sveltejs/kit`'s `RequestEvent` without requiring it as a dependency.
+ */
+export interface SvelteKitEvent {
+    request: Request;
+    url: URL;
+    locals: Record<string, unknown>;
+    cookies: {
+        delete(name: string, opts?: {
+            path?: string;
+        }): void;
+    };
+}
+/**
+ * Minimal SvelteKit Handle function shape. Structurally compatible with
+ * `@sveltejs/kit`'s `Handle` type.
+ */
+export type SvelteKitHandle = (input: {
+    event: SvelteKitEvent;
+    resolve: (event: SvelteKitEvent) => Promise<Response>;
+}) => Promise<Response>;
+/**
+ * Minimal SvelteKit RequestHandler shape for `+server.ts` exports.
+ */
+export type SvelteKitRequestHandler = (event: SvelteKitEvent) => Promise<Response>;
+/**
+ * @description Configuration for `createSoulcraftAuth()`.
+ */
+export interface SoulcraftAuthOptions {
+    /**
+     * The product identifier. Used as the OIDC `client_id` when building the
+     * IdP end-session URL for logout. Also used as the default for
+     * `SOULCRAFT_OIDC_CLIENT_ID` when the env var is not set.
+     */
+    product: string;
+    /**
+     * Optional session verifier override. When omitted, the verifier is
+     * auto-selected based on environment:
+     * - `SOULCRAFT_IDP_URL` set → `createRemoteSessionVerifier`
+     * - `SOULCRAFT_IDP_URL` unset → `createDevCookieVerifier`
+     */
+    verifier?: SessionVerifier;
+    /**
+     * Optional callback to enrich the user object with product-specific fields
+     * after session resolution. Called on every authenticated request.
+     *
+     * The returned object replaces `event.locals.user`. Return the original
+     * user (or a superset) — never return null.
+     *
+     * @param user - The resolved `SoulcraftSessionUser` from the IdP.
+     * @param event - The SvelteKit request event (access `locals`, `url`, etc.).
+     * @returns The enriched user object to store in `event.locals.user`.
+     *
+     * @example Venue staff role lookup
+     * ```typescript
+     * enrichUser: async (user, event) => {
+     *   const staff = await findStaffByAuthId(event.locals.brain, user.id)
+     *   return { ...user, role: staff?.role ?? 'customer' }
+     * }
+     * ```
+     */
+    enrichUser?: (user: SoulcraftSessionUser, event: SvelteKitEvent) => Promise<Record<string, unknown>> | Record<string, unknown>;
+    /**
+     * Name of the dev session cookie. Must match the cookie name used by
+     * `/api/dev/login` in the product. Default: `'soulcraft_dev_session'`.
+     */
+    devCookieName?: string;
+    /**
+     * Path prefix for the backchannel-logout endpoint. The CSRF bypass
+     * rewrites the origin header for POST requests to this path.
+     * Default: `'/api/auth/backchannel-logout'`.
+     */
+    backchannelPath?: string;
+}
+/**
+ * @description The return value of `createSoulcraftAuth()`.
+ */
+export interface SoulcraftAuth {
+    /**
+     * SvelteKit `Handle` hook that resolves sessions, clears stale cookies,
+     * and bypasses CSRF for the backchannel-logout endpoint.
+     *
+     * Use with `sequence()` if you have other hooks:
+     * ```typescript
+     * export const handle = sequence(auth.handle, myOtherHook)
+     * ```
+     */
+    handle: SvelteKitHandle;
+    /**
+     * SvelteKit request handler for `POST /api/auth/backchannel-logout`.
+     *
+     * Verifies the HS256 JWT logout token from the IdP. Returns 200 on
+     * success, 400 for malformed tokens. Since SvelteKit products hold no
+     * local sessions (auth state lives at the IdP), this endpoint only
+     * verifies the token and acknowledges receipt.
+     *
+     * Mount in `routes/api/auth/backchannel-logout/+server.ts`:
+     * ```typescript
+     * export const POST = auth.backchannelHandler
+     * ```
+     */
+    backchannelHandler: SvelteKitRequestHandler;
+    /**
+     * SvelteKit request handler for `POST /api/auth/logout`.
+     *
+     * Clears the local session cookie (dev or guest) and returns the IdP
+     * end-session URL as `{ redirect: string }`. The client navigates to
+     * this URL to complete platform-wide sign-out.
+     *
+     * Mount in `routes/api/auth/logout/+server.ts`:
+     * ```typescript
+     * export const POST = auth.logoutHandler
+     * ```
+     */
+    logoutHandler: SvelteKitRequestHandler;
+    /**
+     * The session verifier function, exposed for direct use in server load
+     * functions or API routes that need session data outside the hook.
+     */
+    verifySession: SessionVerifier;
+}
+/**
+ * @description Creates the complete SvelteKit auth integration for a Soulcraft product.
+ *
+ * Returns a `handle` hook, a `backchannelHandler`, and a `logoutHandler` — everything
+ * needed for auth in a SvelteKit product. One function call replaces ~100 lines of
+ * hand-rolled auth code in each product's hooks.server.ts.
+ *
+ * **Environment variables read:**
+ * - `SOULCRAFT_IDP_URL` — IdP base URL. Present → production mode. Absent → dev mode.
+ * - `SOULCRAFT_OIDC_CLIENT_ID` — OIDC client ID. Falls back to `options.product`.
+ * - `SOULCRAFT_OIDC_CLIENT_SECRET` — OIDC client secret. Required for backchannel logout.
+ * - `BETTER_AUTH_URL` — This product's base URL. Used for `post_logout_redirect_uri`.
+ *
+ * @param options - Product name, optional verifier override, optional user enrichment.
+ * @returns `{ handle, backchannelHandler, logoutHandler, verifySession }`.
+ *
+ * @example Minimal setup (Workshop, Academy)
+ * ```typescript
+ * const auth = createSoulcraftAuth({ product: 'workshop' })
+ * export const handle = auth.handle
+ * ```
+ *
+ * @example With enrichment (Venue)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await findStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+export declare function createSoulcraftAuth(options: SoulcraftAuthOptions): SoulcraftAuth;
+//# sourceMappingURL=sveltekit.d.ts.map

package/dist/modules/auth/sveltekit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sveltekit.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACtD,OAAO,KAAK,EAAE,oBAAoB,EAAoB,MAAM,YAAY,CAAA;AAMxE;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAA;IAChB,GAAG,EAAE,GAAG,CAAA;IACR,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,OAAO,EAAE;QACP,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAA;KACrD,CAAA;CACF;AAED;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE;IACpC,KAAK,EAAE,cAAc,CAAA;IACrB,OAAO,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;CACtD,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEvB;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAMlF;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,eAAe,CAAA;IAE1B;;;;;;;;;;;;;;;;;;OAkBG;IACH,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,oBAAoB,EAC1B,KAAK,EAAE,cAAc,KAClB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAE/D;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;;OAQG;IACH,MAAM,EAAE,eAAe,CAAA;IAEvB;;;;;;;;;;;;OAYG;IACH,kBAAkB,EAAE,uBAAuB,CAAA;IAE3C;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAA;IAEtC;;;OAGG;IACH,aAAa,EAAE,eAAe,CAAA;CAC/B;AAuFD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,oBAAoB,GAAG,aAAa,CAiJhF"}

package/dist/modules/auth/sveltekit.js

@@ -0,0 +1,263 @@
+/**
+ * @module modules/auth/sveltekit
+ * @description Opinionated SvelteKit auth integration for Soulcraft products.
+ *
+ * `createSoulcraftAuth()` returns everything a SvelteKit product needs for auth:
+ * a `Handle` hook, a backchannel-logout request handler, and a logout request handler.
+ * One function, zero choices.
+ *
+ * ## What it does
+ *
+ * - **Session resolution** — reads the IdP cross-domain cookie, verifies via
+ *   `createRemoteSessionVerifier` (30s LRU cache) in production or
+ *   `createDevCookieVerifier` in dev mode
+ * - **Stale cookie recovery** — detects "cookie present but session null" and
+ *   clears the stale cookie via `Set-Cookie: Max-Age=0`, breaking redirect loops
+ * - **CSRF bypass** — rewrites the `origin` header for `POST /api/auth/backchannel-logout`
+ *   so SvelteKit's built-in CSRF check doesn't block server-to-server IdP calls
+ * - **User enrichment** — optional `enrichUser` callback for product-specific
+ *   role resolution (e.g. Venue staff lookup, Portal admin check)
+ * - **Backchannel logout** — verifies the HS256 JWT logout token from the IdP
+ * - **Logout** — clears local cookies and returns the IdP end-session URL
+ *
+ * ## Usage
+ *
+ * ```typescript
+ * // hooks.server.ts
+ * import { createSoulcraftAuth } from '@soulcraft/sdk/server'
+ *
+ * const auth = createSoulcraftAuth({ product: 'venue' })
+ * export const handle = auth.handle
+ *
+ * // routes/api/auth/backchannel-logout/+server.ts
+ * export const POST = auth.backchannelHandler
+ *
+ * // routes/api/auth/logout/+server.ts
+ * export const POST = auth.logoutHandler
+ * ```
+ *
+ * @example With user enrichment (Venue staff role)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await lookupStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+import { createRemoteSessionVerifier, createDevCookieVerifier } from './middleware.js';
+// ─────────────────────────────────────────────────────────────────────────────
+// Constants
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * The cross-subdomain session cookie name set by the IdP.
+ * better-auth prefixes with `__Secure-` when `useSecureCookies: true`.
+ */
+const SESSION_COOKIE = '__Secure-better-auth.session_token';
+/**
+ * Set-Cookie header value that expires the stale session cookie.
+ * Attributes mirror the IdP's original cookie so the browser accepts it.
+ */
+const CLEAR_SESSION_COOKIE = `${SESSION_COOKIE}=; Domain=.soulcraft.com; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax`;
+/** OIDC Back-Channel Logout event URI (per spec). */
+const BACKCHANNEL_LOGOUT_EVENT = 'http://schemas.openid.net/event/backchannel-logout';
+// ─────────────────────────────────────────────────────────────────────────────
+// JWT verification (Web Crypto API — no external deps)
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Verify an HS256 JWT using the Web Crypto API.
+ *
+ * @param token - Raw JWT string (`header.payload.signature`).
+ * @param secret - HMAC secret for signature verification.
+ * @returns The decoded payload if the signature is valid, or null.
+ */
+async function verifyHS256JWT(token, secret) {
+    const parts = token.split('.');
+    if (parts.length !== 3)
+        return null;
+    const [headerB64, payloadB64, sigB64] = parts;
+    let key;
+    try {
+        key = await crypto.subtle.importKey('raw', new TextEncoder().encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['verify']);
+    }
+    catch {
+        return null;
+    }
+    const signingInput = `${headerB64}.${payloadB64}`;
+    let sigBytes;
+    try {
+        sigBytes = Uint8Array.from(atob(sigB64.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));
+    }
+    catch {
+        return null;
+    }
+    const valid = await crypto.subtle.verify('HMAC', key, sigBytes.buffer, new TextEncoder().encode(signingInput));
+    if (!valid)
+        return null;
+    try {
+        const padded = payloadB64.replace(/-/g, '+').replace(/_/g, '/') +
+            '=='.slice(0, (4 - (payloadB64.length % 4)) % 4);
+        return JSON.parse(atob(padded));
+    }
+    catch {
+        return null;
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// createSoulcraftAuth
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * @description Creates the complete SvelteKit auth integration for a Soulcraft product.
+ *
+ * Returns a `handle` hook, a `backchannelHandler`, and a `logoutHandler` — everything
+ * needed for auth in a SvelteKit product. One function call replaces ~100 lines of
+ * hand-rolled auth code in each product's hooks.server.ts.
+ *
+ * **Environment variables read:**
+ * - `SOULCRAFT_IDP_URL` — IdP base URL. Present → production mode. Absent → dev mode.
+ * - `SOULCRAFT_OIDC_CLIENT_ID` — OIDC client ID. Falls back to `options.product`.
+ * - `SOULCRAFT_OIDC_CLIENT_SECRET` — OIDC client secret. Required for backchannel logout.
+ * - `BETTER_AUTH_URL` — This product's base URL. Used for `post_logout_redirect_uri`.
+ *
+ * @param options - Product name, optional verifier override, optional user enrichment.
+ * @returns `{ handle, backchannelHandler, logoutHandler, verifySession }`.
+ *
+ * @example Minimal setup (Workshop, Academy)
+ * ```typescript
+ * const auth = createSoulcraftAuth({ product: 'workshop' })
+ * export const handle = auth.handle
+ * ```
+ *
+ * @example With enrichment (Venue)
+ * ```typescript
+ * const auth = createSoulcraftAuth({
+ *   product: 'venue',
+ *   enrichUser: async (user, event) => {
+ *     const staff = await findStaff(event.locals.brain, user.id)
+ *     return { ...user, role: staff?.role ?? 'customer' }
+ *   }
+ * })
+ * ```
+ */
+export function createSoulcraftAuth(options) {
+    const { product, enrichUser, devCookieName = 'soulcraft_dev_session', backchannelPath = '/api/auth/backchannel-logout', } = options;
+    // ── Session verifier selection ──────────────────────────────────────────
+    const idpUrl = process.env['SOULCRAFT_IDP_URL'];
+    const verifySession = options.verifier
+        ?? (idpUrl
+            ? createRemoteSessionVerifier({ idpUrl })
+            : createDevCookieVerifier(devCookieName));
+    // ── Handle hook ─────────────────────────────────────────────────────────
+    const handle = async ({ event, resolve }) => {
+        // CSRF bypass for backchannel-logout — the IdP sends server-to-server
+        // POST requests without a browser origin header. Rewrite it so
+        // SvelteKit's CSRF check passes. The endpoint itself verifies the JWT.
+        if (event.url.pathname === backchannelPath &&
+            event.request.method === 'POST') {
+            const headers = new Headers(event.request.headers);
+            headers.set('origin', event.url.origin);
+            event.request = new Request(event.request, { headers });
+        }
+        // Resolve session
+        const cookieHeader = event.request.headers.get('cookie') ?? '';
+        const session = await verifySession(cookieHeader);
+        // Stale cookie recovery — if cookie present but session null, clear it
+        const hasSessionCookie = cookieHeader.includes(SESSION_COOKIE);
+        if (hasSessionCookie && !session) {
+            const response = await resolve(event);
+            response.headers.append('Set-Cookie', CLEAR_SESSION_COOKIE);
+            return response;
+        }
+        // Attach session and user to locals
+        event.locals['session'] = session
+            ? { sessionId: session.sessionId, expiresAt: session.expiresAt }
+            : null;
+        if (session) {
+            const user = enrichUser
+                ? await enrichUser(session.user, event)
+                : session.user;
+            event.locals['user'] = user;
+        }
+        else {
+            event.locals['user'] = null;
+        }
+        return resolve(event);
+    };
+    // ── Backchannel logout handler ──────────────────────────────────────────
+    const backchannelHandler = async ({ request }) => {
+        const clientSecret = process.env['SOULCRAFT_OIDC_CLIENT_SECRET'];
+        const idpUrlEnv = process.env['SOULCRAFT_IDP_URL'];
+        const clientId = process.env['SOULCRAFT_OIDC_CLIENT_ID'] ?? product;
+        // Only operates in OIDC client mode
+        if (!clientSecret || !idpUrlEnv) {
+            return new Response(null, { status: 200 });
+        }
+        // Parse logout_token from form body
+        let logoutToken = null;
+        try {
+            const body = await request.text();
+            const params = new URLSearchParams(body);
+            logoutToken = params.get('logout_token');
+        }
+        catch {
+            return new Response('malformed request body', { status: 400 });
+        }
+        if (!logoutToken) {
+            return new Response('missing logout_token', { status: 400 });
+        }
+        // Verify JWT signature and claims
+        const payload = await verifyHS256JWT(logoutToken, clientSecret);
+        if (!payload) {
+            return new Response('invalid logout_token', { status: 400 });
+        }
+        // Validate issuer
+        const expectedIss = idpUrlEnv.replace(/\/$/, '');
+        if (payload['iss'] !== expectedIss) {
+            return new Response('invalid issuer', { status: 400 });
+        }
+        // Validate audience
+        const aud = payload['aud'];
+        const audList = Array.isArray(aud) ? aud : [String(aud ?? '')];
+        if (!audList.includes(clientId)) {
+            return new Response('invalid audience', { status: 400 });
+        }
+        // Validate events claim
+        const events = payload['events'];
+        if (!events || !(BACKCHANNEL_LOGOUT_EVENT in events)) {
+            return new Response('missing backchannel-logout event claim', { status: 400 });
+        }
+        // Validate sub claim
+        if (!payload['sub'] || typeof payload['sub'] !== 'string') {
+            return new Response('missing sub claim', { status: 400 });
+        }
+        // SvelteKit products hold no local sessions — auth state lives at the IdP.
+        // The SDK verifier's 30s LRU cache will expire naturally.
+        return new Response(null, { status: 200 });
+    };
+    // ── Logout handler ──────────────────────────────────────────────────────
+    const logoutHandler = async ({ cookies, url }) => {
+        const idpUrlEnv = process.env['SOULCRAFT_IDP_URL'];
+        if (!idpUrlEnv) {
+            // Dev mode — clear the dev session cookie and redirect home
+            cookies.delete(devCookieName, { path: '/' });
+            return new Response(JSON.stringify({ redirect: '/' }), {
+                headers: { 'Content-Type': 'application/json' },
+            });
+        }
+        // OIDC mode — build the IdP end-session URL
+        const clientId = process.env['SOULCRAFT_OIDC_CLIENT_ID'] ?? product;
+        const baseUrl = process.env['BETTER_AUTH_URL'] ?? `${url.protocol}//${url.host}`;
+        const params = new URLSearchParams({
+            client_id: clientId,
+            post_logout_redirect_uri: `${baseUrl}/`,
+        });
+        const endSessionUrl = `${idpUrlEnv}/api/auth/oauth2/endsession?${params}`;
+        return new Response(JSON.stringify({ redirect: endSessionUrl }), {
+            headers: { 'Content-Type': 'application/json' },
+        });
+    };
+    return { handle, backchannelHandler, logoutHandler, verifySession };
+}
+//# sourceMappingURL=sveltekit.js.map

package/dist/modules/auth/sveltekit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sveltekit.js","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAEH,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAA;AAmJtF,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,cAAc,GAAG,oCAAoC,CAAA;AAE3D;;;GAGG;AACH,MAAM,oBAAoB,GACxB,GAAG,cAAc,6EAA6E,CAAA;AAEhG,qDAAqD;AACrD,MAAM,wBAAwB,GAAG,oDAAoD,CAAA;AAErF,gFAAgF;AAChF,uDAAuD;AACvD,gFAAgF;AAEhF;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAC3B,KAAa,EACb,MAAc;IAEd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,KAAiC,CAAA;IAEzE,IAAI,GAAc,CAAA;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACjC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAA;IACjD,IAAI,QAAoB,CAAA;IACxB,IAAI,CAAC;QACH,QAAQ,GAAG,UAAU,CAAC,IAAI,CACxB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,EAClD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CACvB,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACtC,MAAM,EACN,GAAG,EACH,QAAQ,CAAC,MAAqB,EAC9B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CACvC,CAAA;IACD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IAEvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;YAC7D,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAA4B,CAAA;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAA6B;IAC/D,MAAM,EACJ,OAAO,EACP,UAAU,EACV,aAAa,GAAG,uBAAuB,EACvC,eAAe,GAAG,8BAA8B,GACjD,GAAG,OAAO,CAAA;IAEX,2EAA2E;IAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;IAC/C,MAAM,aAAa,GAAoB,OAAO,CAAC,QAAQ;WAClD,CAAC,MAAM;YACR,CAAC,CAAC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;YACzC,CAAC,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC,CAAA;IAE7C,2EAA2E;IAC3E,MAAM,MAAM,GAAoB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE;QAC3D,sEAAsE;QACtE,+DAA+D;QAC/D,uEAAuE;QACvE,IACE,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,eAAe;YACtC,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EAC/B,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;YAClD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YACvC,KAAK,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAA;QACzD,CAAC;QAED,kBAAkB;QAClB,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QAC9D,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,CAAA;QAEjD,uEAAuE;QACvE,MAAM,gBAAgB,GAAG,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAC9D,IAAI,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAA;YACrC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAA;YAC3D,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO;YAC/B,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;YAChE,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,UAAU;gBACrB,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;gBACvC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;YAChB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;QAED,OAAO,OAAO,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,kBAAkB,GAA4B,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACxE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAA;QAChE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,OAAO,CAAA;QAEnE,oCAAoC;QACpC,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC5C,CAAC;QAED,oCAAoC;QACpC,IAAI,WAAW,GAAkB,IAAI,CAAA;QACrC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;YACjC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAA;YACxC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,QAAQ,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAChE,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,QAAQ,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9D,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,YAAY,CAAC,CAAA;QAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,QAAQ,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9D,CAAC;QAED,kBAAkB;QAClB,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;QAChD,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,WAAW,EAAE,CAAC;YACnC,OAAO,IAAI,QAAQ,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QACxD,CAAC;QAED,oBAAoB;QACpB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;QAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAe,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAA;QAC1E,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,QAAQ,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC1D,CAAC;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAwC,CAAA;QACvE,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,wBAAwB,IAAI,MAAM,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,QAAQ,CAAC,wCAAwC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAChF,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1D,OAAO,IAAI,QAAQ,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC3D,CAAC;QAED,2EAA2E;QAC3E,0DAA0D;QAC1D,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC5C,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,aAAa,GAA4B,KAAK,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE;QACxE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAElD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,4DAA4D;YAC5D,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;gBACrD,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAA;QACJ,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,OAAO,CAAA;QACnE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAA;QAChF,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,QAAQ;YACnB,wBAAwB,EAAE,GAAG,OAAO,GAAG;SACxC,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,GAAG,SAAS,+BAA+B,MAAM,EAAE,CAAA;QACzE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YAC/D,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAA;AACrE,CAAC"}

package/dist/server/index.d.ts

@@ -34,6 +34,8 @@ export { createAuthMiddleware, createRemoteSessionVerifier, createDevSessionVeri
 export type { AuthMiddlewareOptions, AuthMiddleware, AuthContext, BetterAuthLike, SessionVerifier, RemoteSessionVerifierOptions, DevSessionVerifierOptions, DevLoginHandlerOptions, GuestSessionHandlerOptions, } from '../modules/auth/middleware.js';
 export { createBackchannelLogoutHandler } from '../modules/auth/backchannel.js';
 export type { BackchannelLogoutConfig, BackchannelAuthLike, } from '../modules/auth/backchannel.js';
+export { createSoulcraftAuth } from '../modules/auth/sveltekit.js';
+export type { SoulcraftAuthOptions, SoulcraftAuth, SvelteKitHandle, SvelteKitEvent, SvelteKitRequestHandler, } from '../modules/auth/sveltekit.js';
 export { verifyServiceToken, extractBearerToken, } from '../modules/auth/service-token.js';
 export { SOULCRAFT_USER_FIELDS, SOULCRAFT_SESSION_CONFIG, getAuthMode, getOIDCClientConfig, } from '../modules/auth/config.js';
 export { SOULCRAFT_PRODUCTS, deriveOrigins, deriveRedirectUrls, } from '../modules/auth/products.js';

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,eAAe,EACf,eAAe,EACf,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,GACtB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAC/E,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,gCAAgC,CAAA;AAGvC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AACpC,YAAY,EACV,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACjE,YAAY,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAClG,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,WAAW,EACX,cAAc,EACd,uBAAuB,EACvB,cAAc,GACf,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,YAAY,EACV,wBAAwB,EACxB,kBAAkB,EAClB,SAAS,GACV,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AACxD,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAI7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,yBAAyB,EACzB,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAG/D,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,qBAAqB,EACrB,UAAU,EACV,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAC3B,YAAY,EACV,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,yBAAyB,EACzB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,eAAe,EACf,eAAe,EACf,WAAW,EACX,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,GACtB,MAAM,0BAA0B,CAAA;AAGjC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AACtC,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,EACf,4BAA4B,EAC5B,yBAAyB,EACzB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAC/E,YAAY,EACV,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,gCAAgC,CAAA;AAGvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAA;AAClE,YAAY,EACV,oBAAoB,EACpB,aAAa,EACb,eAAe,EACf,cAAc,EACd,uBAAuB,GACxB,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AACpC,YAAY,EACV,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AACjE,YAAY,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAA;AAC7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAG7E,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACjE,YAAY,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACpG,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAGvD,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAClG,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,YAAY,EACV,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,cAAc,EACd,WAAW,EACX,cAAc,EACd,uBAAuB,EACvB,cAAc,GACf,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,YAAY,EACV,wBAAwB,EACxB,kBAAkB,EAClB,SAAS,GACV,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AACxD,YAAY,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAI7D,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,EAChB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAClB,yBAAyB,EACzB,eAAe,EACf,sBAAsB,EACtB,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,YAAY,EACZ,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,EACtB,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}

package/dist/server/index.js

@@ -33,6 +33,8 @@ export { createHallModule, createHallMediaClient, generateTurnCredentials, HallC
 // ── Auth middleware + session factories ───────────────────────────────────────
 export { createAuthMiddleware, createRemoteSessionVerifier, createDevSessionVerifier, createDevLoginHandler, createDevCookieVerifier, createGuestSessionHandler, createGuestCookieVerifier, AUTH_USER_KEY, } from '../modules/auth/middleware.js';
 export { createBackchannelLogoutHandler } from '../modules/auth/backchannel.js';
+// ── SvelteKit auth integration ────────────────────────────────────────────────
+export { createSoulcraftAuth } from '../modules/auth/sveltekit.js';
 // ── Service token verification ────────────────────────────────────────────────
 export { verifyServiceToken, extractBearerToken, } from '../modules/auth/service-token.js';
 // ── Auth config helpers ──────────────────────────────────────────────────────

package/dist/server/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAM3B,iFAAiF;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAE/D,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AA4C3B,iFAAiF;AACjF,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AAYtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAM/E,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAEzC,gFAAgF;AAChF,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAElC,gFAAgF;AAChF,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AAMpC,gFAAgF;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAK7E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAExF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAEvD,iFAAiF;AACjF,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAa7D,+EAA+E;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAO1D,+EAA+E;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAGxD,gFAAgF;AAChF,iFAAiF;AACjF,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AA4D5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAM3B,iFAAiF;AACjF,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAE/D,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,EACV,eAAe,GAChB,MAAM,oBAAoB,CAAA;AA4C3B,iFAAiF;AACjF,OAAO,EACL,oBAAoB,EACpB,2BAA2B,EAC3B,wBAAwB,EACxB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,yBAAyB,EACzB,aAAa,GACd,MAAM,+BAA+B,CAAA;AAYtC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAA;AAM/E,iFAAiF;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAA;AASlE,iFAAiF;AACjF,OAAO,EACL,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kCAAkC,CAAA;AAEzC,gFAAgF;AAChF,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAElC,gFAAgF;AAChF,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,kBAAkB,GACnB,MAAM,6BAA6B,CAAA;AAMpC,gFAAgF;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAEjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAA;AAK7E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAExF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAEvD,iFAAiF;AACjF,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAA;AAGlG,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAa7D,+EAA+E;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAA;AAO1D,+EAA+E;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AAGxD,gFAAgF;AAChF,iFAAiF;AACjF,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,EACxB,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,qBAAqB,CAAA;AA4D5B,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,EAC1B,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,sBAAsB,GACvB,MAAM,qBAAqB,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soulcraft/sdk",
-  "version": "2.4.1",
+  "version": "2.5.0",
   "description": "The unified Soulcraft platform SDK — data, auth, AI, billing, and notifications",
   "type": "module",
   "publishConfig": {