@soulcraft/sdk 3.7.7 → 3.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -2
- package/dist/index.js.map +1 -1
- package/dist/modules/auth/config.d.ts +0 -30
- package/dist/modules/auth/config.d.ts.map +1 -1
- package/dist/modules/auth/config.js +0 -52
- package/dist/modules/auth/config.js.map +1 -1
- package/dist/modules/auth/products.d.ts +36 -99
- package/dist/modules/auth/products.d.ts.map +1 -1
- package/dist/modules/auth/products.js +32 -78
- package/dist/modules/auth/products.js.map +1 -1
- package/dist/modules/auth/request-middleware.d.ts +9 -9
- package/dist/modules/auth/request-middleware.js +9 -9
- package/dist/modules/auth/sveltekit.d.ts +18 -46
- package/dist/modules/auth/sveltekit.d.ts.map +1 -1
- package/dist/modules/auth/sveltekit.js +33 -145
- package/dist/modules/auth/sveltekit.js.map +1 -1
- package/dist/modules/auth/types.d.ts +0 -28
- package/dist/modules/auth/types.d.ts.map +1 -1
- package/dist/server/index.d.ts +2 -4
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +5 -4
- package/dist/server/index.js.map +1 -1
- package/package.json +1 -1
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
* getUser,
|
|
49
49
|
* } from '@soulcraft/sdk/server'
|
|
50
50
|
*
|
|
51
|
-
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
51
|
+
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
52
52
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
53
53
|
*
|
|
54
54
|
* export const handle = async ({ event, resolve }) => {
|
|
@@ -66,7 +66,7 @@
|
|
|
66
66
|
* getUser,
|
|
67
67
|
* } from '@soulcraft/sdk/server'
|
|
68
68
|
*
|
|
69
|
-
* const verifier = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
69
|
+
* const verifier = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
70
70
|
* const { optionalAuth } = createRequestAuthMiddleware(verifier)
|
|
71
71
|
*
|
|
72
72
|
* Bun.serve({
|
|
@@ -243,7 +243,7 @@ export declare function getUser(req: Request): SoulcraftSessionUser | null;
|
|
|
243
243
|
*
|
|
244
244
|
* Pass the returned function to `createRequestAuthMiddleware`:
|
|
245
245
|
* ```typescript
|
|
246
|
-
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
246
|
+
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
247
247
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
248
248
|
* ```
|
|
249
249
|
*
|
|
@@ -272,8 +272,8 @@ export declare function createRemoteSessionVerifier(options: RemoteSessionVerifi
|
|
|
272
272
|
* Designed as a drop-in replacement for `createRemoteSessionVerifier` in local dev:
|
|
273
273
|
*
|
|
274
274
|
* ```typescript
|
|
275
|
-
* const verifySession = process.env.
|
|
276
|
-
* ? createRemoteSessionVerifier({ idpUrl: process.env.
|
|
275
|
+
* const verifySession = process.env.SOULCRAFT_AUTH_URL
|
|
276
|
+
* ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL })
|
|
277
277
|
* : createDevSessionVerifier({ role: 'owner' })
|
|
278
278
|
*
|
|
279
279
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
@@ -286,8 +286,8 @@ export declare function createRemoteSessionVerifier(options: RemoteSessionVerifi
|
|
|
286
286
|
*
|
|
287
287
|
* @example
|
|
288
288
|
* ```typescript
|
|
289
|
-
* const verifySession = process.env.
|
|
290
|
-
* ? createRemoteSessionVerifier({ idpUrl: process.env.
|
|
289
|
+
* const verifySession = process.env.SOULCRAFT_AUTH_URL
|
|
290
|
+
* ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL })
|
|
291
291
|
* : createDevSessionVerifier({ role: 'owner' })
|
|
292
292
|
*
|
|
293
293
|
* export const handle = async ({ event, resolve }) => {
|
|
@@ -329,7 +329,7 @@ export declare function createDevCookieVerifier(cookieName?: string): SessionVer
|
|
|
329
329
|
* Compose with `createRemoteSessionVerifier` to allow both authenticated and guest access:
|
|
330
330
|
*
|
|
331
331
|
* ```typescript
|
|
332
|
-
* const verifyReal = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
332
|
+
* const verifyReal = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
333
333
|
* const verifyGuest = createGuestCookieVerifier()
|
|
334
334
|
*
|
|
335
335
|
* const { optionalAuth } = createRequestAuthMiddleware(async (cookie) =>
|
|
@@ -364,7 +364,7 @@ export declare function createGuestCookieVerifier(cookieName?: string): SessionV
|
|
|
364
364
|
*
|
|
365
365
|
* @example Verifier form (Venue / Academy / Workshop in OIDC mode)
|
|
366
366
|
* ```typescript
|
|
367
|
-
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
367
|
+
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
368
368
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
369
369
|
*
|
|
370
370
|
* // Use in any server:
|
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
* getUser,
|
|
49
49
|
* } from '@soulcraft/sdk/server'
|
|
50
50
|
*
|
|
51
|
-
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
51
|
+
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
52
52
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
53
53
|
*
|
|
54
54
|
* export const handle = async ({ event, resolve }) => {
|
|
@@ -66,7 +66,7 @@
|
|
|
66
66
|
* getUser,
|
|
67
67
|
* } from '@soulcraft/sdk/server'
|
|
68
68
|
*
|
|
69
|
-
* const verifier = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
69
|
+
* const verifier = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
70
70
|
* const { optionalAuth } = createRequestAuthMiddleware(verifier)
|
|
71
71
|
*
|
|
72
72
|
* Bun.serve({
|
|
@@ -168,7 +168,7 @@ function _decodeSessionCookie(value) {
|
|
|
168
168
|
*
|
|
169
169
|
* Pass the returned function to `createRequestAuthMiddleware`:
|
|
170
170
|
* ```typescript
|
|
171
|
-
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
171
|
+
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
172
172
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
173
173
|
* ```
|
|
174
174
|
*
|
|
@@ -260,8 +260,8 @@ export function createRemoteSessionVerifier(options) {
|
|
|
260
260
|
* Designed as a drop-in replacement for `createRemoteSessionVerifier` in local dev:
|
|
261
261
|
*
|
|
262
262
|
* ```typescript
|
|
263
|
-
* const verifySession = process.env.
|
|
264
|
-
* ? createRemoteSessionVerifier({ idpUrl: process.env.
|
|
263
|
+
* const verifySession = process.env.SOULCRAFT_AUTH_URL
|
|
264
|
+
* ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL })
|
|
265
265
|
* : createDevSessionVerifier({ role: 'owner' })
|
|
266
266
|
*
|
|
267
267
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
@@ -274,8 +274,8 @@ export function createRemoteSessionVerifier(options) {
|
|
|
274
274
|
*
|
|
275
275
|
* @example
|
|
276
276
|
* ```typescript
|
|
277
|
-
* const verifySession = process.env.
|
|
278
|
-
* ? createRemoteSessionVerifier({ idpUrl: process.env.
|
|
277
|
+
* const verifySession = process.env.SOULCRAFT_AUTH_URL
|
|
278
|
+
* ? createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL })
|
|
279
279
|
* : createDevSessionVerifier({ role: 'owner' })
|
|
280
280
|
*
|
|
281
281
|
* export const handle = async ({ event, resolve }) => {
|
|
@@ -350,7 +350,7 @@ export function createDevCookieVerifier(cookieName = 'soulcraft_dev_session') {
|
|
|
350
350
|
* Compose with `createRemoteSessionVerifier` to allow both authenticated and guest access:
|
|
351
351
|
*
|
|
352
352
|
* ```typescript
|
|
353
|
-
* const verifyReal = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
353
|
+
* const verifyReal = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
354
354
|
* const verifyGuest = createGuestCookieVerifier()
|
|
355
355
|
*
|
|
356
356
|
* const { optionalAuth } = createRequestAuthMiddleware(async (cookie) =>
|
|
@@ -395,7 +395,7 @@ export function createGuestCookieVerifier(cookieName = 'soulcraft_guest_session'
|
|
|
395
395
|
*
|
|
396
396
|
* @example Verifier form (Venue / Academy / Workshop in OIDC mode)
|
|
397
397
|
* ```typescript
|
|
398
|
-
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.
|
|
398
|
+
* const verifySession = createRemoteSessionVerifier({ idpUrl: process.env.SOULCRAFT_AUTH_URL! })
|
|
399
399
|
* const { requireAuth } = createRequestAuthMiddleware(verifySession)
|
|
400
400
|
*
|
|
401
401
|
* // Use in any server:
|
|
@@ -3,22 +3,18 @@
|
|
|
3
3
|
* @description Opinionated SvelteKit auth integration for Soulcraft products.
|
|
4
4
|
*
|
|
5
5
|
* `createSoulcraftAuth()` returns everything a SvelteKit product needs for auth:
|
|
6
|
-
* a `Handle` hook
|
|
7
|
-
* One function, zero choices.
|
|
6
|
+
* a `Handle` hook and a logout handler. One function, zero choices.
|
|
8
7
|
*
|
|
9
8
|
* ## What it does
|
|
10
9
|
*
|
|
11
|
-
* - **Session resolution** — reads the
|
|
12
|
-
* `createRemoteSessionVerifier` (30s LRU cache) in production or
|
|
10
|
+
* - **Session resolution** — reads the `.soulcraft.com` session cookie, verifies
|
|
11
|
+
* via `createRemoteSessionVerifier` (30s LRU cache) in production or
|
|
13
12
|
* `createDevCookieVerifier` in dev mode
|
|
14
13
|
* - **Stale cookie recovery** — detects "cookie present but session null" and
|
|
15
14
|
* clears the stale cookie via `Set-Cookie: Max-Age=0`, breaking redirect loops
|
|
16
|
-
* - **CSRF bypass** — rewrites the `origin` header for `POST /api/auth/backchannel-logout`
|
|
17
|
-
* so SvelteKit's built-in CSRF check doesn't block server-to-server IdP calls
|
|
18
15
|
* - **User enrichment** — optional `enrichUser` callback for product-specific
|
|
19
16
|
* role resolution (e.g. Venue staff lookup, Portal admin check)
|
|
20
|
-
* - **
|
|
21
|
-
* - **Logout** — clears local cookies and returns the IdP end-session URL
|
|
17
|
+
* - **Logout** — clears local cookies, calls auth.soulcraft.com/api/auth/sign-out
|
|
22
18
|
*
|
|
23
19
|
* ## Usage
|
|
24
20
|
*
|
|
@@ -29,9 +25,6 @@
|
|
|
29
25
|
* const auth = createSoulcraftAuth({ product: 'venue' })
|
|
30
26
|
* export const handle = auth.handle
|
|
31
27
|
*
|
|
32
|
-
* // routes/api/auth/backchannel-logout/+server.ts
|
|
33
|
-
* export const POST = auth.backchannelHandler
|
|
34
|
-
*
|
|
35
28
|
* // routes/api/auth/logout/+server.ts
|
|
36
29
|
* export const POST = auth.logoutHandler
|
|
37
30
|
* ```
|
|
@@ -88,8 +81,8 @@ export interface SoulcraftAuthOptions {
|
|
|
88
81
|
/**
|
|
89
82
|
* Optional session verifier override. When omitted, the verifier is
|
|
90
83
|
* auto-selected based on environment:
|
|
91
|
-
* - `
|
|
92
|
-
* - `
|
|
84
|
+
* - `SOULCRAFT_AUTH_URL` set → `createRemoteSessionVerifier`
|
|
85
|
+
* - `SOULCRAFT_AUTH_URL` unset → `createDevCookieVerifier`
|
|
93
86
|
*/
|
|
94
87
|
verifier?: SessionVerifier;
|
|
95
88
|
/**
|
|
@@ -118,13 +111,7 @@ export interface SoulcraftAuthOptions {
|
|
|
118
111
|
*/
|
|
119
112
|
devCookieName?: string;
|
|
120
113
|
/**
|
|
121
|
-
*
|
|
122
|
-
* rewrites the origin header for POST requests to this path.
|
|
123
|
-
* Default: `'/api/auth/backchannel-logout'`.
|
|
124
|
-
*/
|
|
125
|
-
backchannelPath?: string;
|
|
126
|
-
/**
|
|
127
|
-
* Default role for auto-login in dev mode. When set and no `SOULCRAFT_IDP_URL`
|
|
114
|
+
* Default role for auto-login in dev mode. When set and no `SOULCRAFT_AUTH_URL`
|
|
128
115
|
* is configured, the auth handle automatically creates a dev session on the
|
|
129
116
|
* first request if no dev cookie is present. The developer is logged in the
|
|
130
117
|
* moment the page loads — no manual `/api/dev/login` call needed.
|
|
@@ -140,8 +127,7 @@ export interface SoulcraftAuthOptions {
|
|
|
140
127
|
*/
|
|
141
128
|
export interface SoulcraftAuth {
|
|
142
129
|
/**
|
|
143
|
-
* SvelteKit `Handle` hook that resolves sessions
|
|
144
|
-
* and bypasses CSRF for the backchannel-logout endpoint.
|
|
130
|
+
* SvelteKit `Handle` hook that resolves sessions and clears stale cookies.
|
|
145
131
|
*
|
|
146
132
|
* Use with `sequence()` if you have other hooks:
|
|
147
133
|
* ```typescript
|
|
@@ -149,20 +135,6 @@ export interface SoulcraftAuth {
|
|
|
149
135
|
* ```
|
|
150
136
|
*/
|
|
151
137
|
handle: SvelteKitHandle;
|
|
152
|
-
/**
|
|
153
|
-
* SvelteKit request handler for `POST /api/auth/backchannel-logout`.
|
|
154
|
-
*
|
|
155
|
-
* Verifies the HS256 JWT logout token from the IdP. Returns 200 on
|
|
156
|
-
* success, 400 for malformed tokens. Since SvelteKit products hold no
|
|
157
|
-
* local sessions (auth state lives at the IdP), this endpoint only
|
|
158
|
-
* verifies the token and acknowledges receipt.
|
|
159
|
-
*
|
|
160
|
-
* Mount in `routes/api/auth/backchannel-logout/+server.ts`:
|
|
161
|
-
* ```typescript
|
|
162
|
-
* export const POST = auth.backchannelHandler
|
|
163
|
-
* ```
|
|
164
|
-
*/
|
|
165
|
-
backchannelHandler: SvelteKitRequestHandler;
|
|
166
138
|
/**
|
|
167
139
|
* SvelteKit request handler for `POST /api/auth/logout`.
|
|
168
140
|
*
|
|
@@ -234,18 +206,18 @@ export interface SoulcraftAuth {
|
|
|
234
206
|
/**
|
|
235
207
|
* @description Creates the complete SvelteKit auth integration for a Soulcraft product.
|
|
236
208
|
*
|
|
237
|
-
* Returns a `handle` hook
|
|
238
|
-
*
|
|
239
|
-
*
|
|
209
|
+
* Returns a `handle` hook and a `logoutHandler` — everything needed for auth in a
|
|
210
|
+
* SvelteKit product. One function call replaces ~100 lines of hand-rolled auth code.
|
|
211
|
+
*
|
|
212
|
+
* Products authenticate via shared `.soulcraft.com` session cookies. No OIDC, no
|
|
213
|
+
* client secrets, no backchannel logout. Cookie deletion at sign-out logs out everywhere.
|
|
240
214
|
*
|
|
241
215
|
* **Environment variables read:**
|
|
242
|
-
* - `
|
|
243
|
-
*
|
|
244
|
-
* - `SOULCRAFT_OIDC_CLIENT_SECRET` — OIDC client secret. Required for backchannel logout.
|
|
245
|
-
* - `BETTER_AUTH_URL` — This product's base URL. Used for `post_logout_redirect_uri`.
|
|
216
|
+
* - `SOULCRAFT_AUTH_URL` — Auth server URL. Present → production mode. Absent → dev mode.
|
|
217
|
+
* No backward compatibility with `SOULCRAFT_IDP_URL` — rename to `SOULCRAFT_AUTH_URL`.
|
|
246
218
|
*
|
|
247
219
|
* @param options - Product name, optional verifier override, optional user enrichment.
|
|
248
|
-
* @returns `{ handle,
|
|
220
|
+
* @returns `{ handle, logoutHandler, verifySession }`.
|
|
249
221
|
*
|
|
250
222
|
* @example Minimal setup (Workshop, Academy)
|
|
251
223
|
* ```typescript
|
|
@@ -289,11 +261,11 @@ export interface BuildLoginUrlOptions {
|
|
|
289
261
|
/**
|
|
290
262
|
* @description Build the auth.soulcraft.com login URL for redirecting unauthenticated users.
|
|
291
263
|
*
|
|
292
|
-
* In production (
|
|
264
|
+
* In production (SOULCRAFT_AUTH_URL set), returns a URL to the central IdP login page
|
|
293
265
|
* with `?redirect=`, `?product=`, and `?tenant=` query params. The IdP sets a
|
|
294
266
|
* `.soulcraft.com` cookie and redirects back to the specified URL.
|
|
295
267
|
*
|
|
296
|
-
* In dev mode (no
|
|
268
|
+
* In dev mode (no SOULCRAFT_AUTH_URL), returns `/api/dev/login?redirect=<url>` so
|
|
297
269
|
* developers hit the local dev login handler instead of the real IdP.
|
|
298
270
|
*
|
|
299
271
|
* @param options - Redirect URL, optional product and tenant context.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sveltekit.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"sveltekit.d.ts","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AAC9D,OAAO,KAAK,EAAE,oBAAoB,EAAoB,MAAM,YAAY,CAAA;AAOxE;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAA;IAChB,GAAG,EAAE,GAAG,CAAA;IACR,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,OAAO,EAAE;QACP,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAA;KACrD,CAAA;CACF;AAED;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE;IACpC,KAAK,EAAE,cAAc,CAAA;IACrB,OAAO,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;CACtD,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEvB;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,KAAK,EAAE,cAAc,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAMlF;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,eAAe,CAAA;IAE1B;;;;;;;;;;;;;;;;;;OAkBG;IACH,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,oBAAoB,EAC1B,KAAK,EAAE,cAAc,KAClB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAE/D;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB;;;;;;;;;OASG;IACH,cAAc,CAAC,EAAE,oBAAoB,CAAC,cAAc,CAAC,GAAG,KAAK,CAAA;CAC9D;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;;OAOG;IACH,MAAM,EAAE,eAAe,CAAA;IAEvB;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAA;IAEtC;;;;;;;;;;;OAWG;IACH,YAAY,EAAE,uBAAuB,CAAA;IAErC;;;;;;;;;;;OAWG;IACH,eAAe,EAAE,uBAAuB,CAAA;IAExC;;;;;;;;;OASG;IACH,cAAc,EAAE,uBAAuB,CAAA;IAEvC;;;;;;;;;;OAUG;IACH,eAAe,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,QAAQ,CAAA;IAEpD;;;OAGG;IACH,aAAa,EAAE,eAAe,CAAA;CAC/B;AAuBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,oBAAoB,GAAG,aAAa,CAsOhF;AAMD;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,WAAW,EAAE,MAAM,CAAA;IAEnB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAE5B;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC5B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,MAAM,CAiBnE"}
|
|
@@ -3,22 +3,18 @@
|
|
|
3
3
|
* @description Opinionated SvelteKit auth integration for Soulcraft products.
|
|
4
4
|
*
|
|
5
5
|
* `createSoulcraftAuth()` returns everything a SvelteKit product needs for auth:
|
|
6
|
-
* a `Handle` hook
|
|
7
|
-
* One function, zero choices.
|
|
6
|
+
* a `Handle` hook and a logout handler. One function, zero choices.
|
|
8
7
|
*
|
|
9
8
|
* ## What it does
|
|
10
9
|
*
|
|
11
|
-
* - **Session resolution** — reads the
|
|
12
|
-
* `createRemoteSessionVerifier` (30s LRU cache) in production or
|
|
10
|
+
* - **Session resolution** — reads the `.soulcraft.com` session cookie, verifies
|
|
11
|
+
* via `createRemoteSessionVerifier` (30s LRU cache) in production or
|
|
13
12
|
* `createDevCookieVerifier` in dev mode
|
|
14
13
|
* - **Stale cookie recovery** — detects "cookie present but session null" and
|
|
15
14
|
* clears the stale cookie via `Set-Cookie: Max-Age=0`, breaking redirect loops
|
|
16
|
-
* - **CSRF bypass** — rewrites the `origin` header for `POST /api/auth/backchannel-logout`
|
|
17
|
-
* so SvelteKit's built-in CSRF check doesn't block server-to-server IdP calls
|
|
18
15
|
* - **User enrichment** — optional `enrichUser` callback for product-specific
|
|
19
16
|
* role resolution (e.g. Venue staff lookup, Portal admin check)
|
|
20
|
-
* - **
|
|
21
|
-
* - **Logout** — clears local cookies and returns the IdP end-session URL
|
|
17
|
+
* - **Logout** — clears local cookies, calls auth.soulcraft.com/api/auth/sign-out
|
|
22
18
|
*
|
|
23
19
|
* ## Usage
|
|
24
20
|
*
|
|
@@ -29,9 +25,6 @@
|
|
|
29
25
|
* const auth = createSoulcraftAuth({ product: 'venue' })
|
|
30
26
|
* export const handle = auth.handle
|
|
31
27
|
*
|
|
32
|
-
* // routes/api/auth/backchannel-logout/+server.ts
|
|
33
|
-
* export const POST = auth.backchannelHandler
|
|
34
|
-
*
|
|
35
28
|
* // routes/api/auth/logout/+server.ts
|
|
36
29
|
* export const POST = auth.logoutHandler
|
|
37
30
|
* ```
|
|
@@ -62,68 +55,24 @@ const SESSION_COOKIE = '__Secure-better-auth.session_token';
|
|
|
62
55
|
* Attributes mirror the IdP's original cookie so the browser accepts it.
|
|
63
56
|
*/
|
|
64
57
|
const CLEAR_SESSION_COOKIE = `${SESSION_COOKIE}=; Domain=.soulcraft.com; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax`;
|
|
65
|
-
/** OIDC Back-Channel Logout event URI (per spec). */
|
|
66
|
-
const BACKCHANNEL_LOGOUT_EVENT = 'http://schemas.openid.net/event/backchannel-logout';
|
|
67
|
-
// ─────────────────────────────────────────────────────────────────────────────
|
|
68
|
-
// JWT verification (Web Crypto API — no external deps)
|
|
69
|
-
// ─────────────────────────────────────────────────────────────────────────────
|
|
70
|
-
/**
|
|
71
|
-
* Verify an HS256 JWT using the Web Crypto API.
|
|
72
|
-
*
|
|
73
|
-
* @param token - Raw JWT string (`header.payload.signature`).
|
|
74
|
-
* @param secret - HMAC secret for signature verification.
|
|
75
|
-
* @returns The decoded payload if the signature is valid, or null.
|
|
76
|
-
*/
|
|
77
|
-
async function verifyHS256JWT(token, secret) {
|
|
78
|
-
const parts = token.split('.');
|
|
79
|
-
if (parts.length !== 3)
|
|
80
|
-
return null;
|
|
81
|
-
const [headerB64, payloadB64, sigB64] = parts;
|
|
82
|
-
let key;
|
|
83
|
-
try {
|
|
84
|
-
key = await crypto.subtle.importKey('raw', new TextEncoder().encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['verify']);
|
|
85
|
-
}
|
|
86
|
-
catch {
|
|
87
|
-
return null;
|
|
88
|
-
}
|
|
89
|
-
const signingInput = `${headerB64}.${payloadB64}`;
|
|
90
|
-
let sigBytes;
|
|
91
|
-
try {
|
|
92
|
-
sigBytes = Uint8Array.from(atob(sigB64.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));
|
|
93
|
-
}
|
|
94
|
-
catch {
|
|
95
|
-
return null;
|
|
96
|
-
}
|
|
97
|
-
const valid = await crypto.subtle.verify('HMAC', key, sigBytes.buffer, new TextEncoder().encode(signingInput));
|
|
98
|
-
if (!valid)
|
|
99
|
-
return null;
|
|
100
|
-
try {
|
|
101
|
-
const padded = payloadB64.replace(/-/g, '+').replace(/_/g, '/') +
|
|
102
|
-
'=='.slice(0, (4 - (payloadB64.length % 4)) % 4);
|
|
103
|
-
return JSON.parse(atob(padded));
|
|
104
|
-
}
|
|
105
|
-
catch {
|
|
106
|
-
return null;
|
|
107
|
-
}
|
|
108
|
-
}
|
|
109
58
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
110
59
|
// createSoulcraftAuth
|
|
111
60
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
112
61
|
/**
|
|
113
62
|
* @description Creates the complete SvelteKit auth integration for a Soulcraft product.
|
|
114
63
|
*
|
|
115
|
-
* Returns a `handle` hook
|
|
116
|
-
*
|
|
117
|
-
*
|
|
64
|
+
* Returns a `handle` hook and a `logoutHandler` — everything needed for auth in a
|
|
65
|
+
* SvelteKit product. One function call replaces ~100 lines of hand-rolled auth code.
|
|
66
|
+
*
|
|
67
|
+
* Products authenticate via shared `.soulcraft.com` session cookies. No OIDC, no
|
|
68
|
+
* client secrets, no backchannel logout. Cookie deletion at sign-out logs out everywhere.
|
|
118
69
|
*
|
|
119
70
|
* **Environment variables read:**
|
|
120
|
-
* - `
|
|
121
|
-
*
|
|
122
|
-
* - `SOULCRAFT_OIDC_CLIENT_SECRET` — OIDC client secret. Required for backchannel logout.
|
|
123
|
-
* - `BETTER_AUTH_URL` — This product's base URL. Used for `post_logout_redirect_uri`.
|
|
71
|
+
* - `SOULCRAFT_AUTH_URL` — Auth server URL. Present → production mode. Absent → dev mode.
|
|
72
|
+
* No backward compatibility with `SOULCRAFT_IDP_URL` — rename to `SOULCRAFT_AUTH_URL`.
|
|
124
73
|
*
|
|
125
74
|
* @param options - Product name, optional verifier override, optional user enrichment.
|
|
126
|
-
* @returns `{ handle,
|
|
75
|
+
* @returns `{ handle, logoutHandler, verifySession }`.
|
|
127
76
|
*
|
|
128
77
|
* @example Minimal setup (Workshop, Academy)
|
|
129
78
|
* ```typescript
|
|
@@ -143,9 +92,9 @@ async function verifyHS256JWT(token, secret) {
|
|
|
143
92
|
* ```
|
|
144
93
|
*/
|
|
145
94
|
export function createSoulcraftAuth(options) {
|
|
146
|
-
const { product, enrichUser, devCookieName = 'soulcraft_dev_session',
|
|
95
|
+
const { product, enrichUser, devCookieName = 'soulcraft_dev_session', defaultDevRole = 'owner', } = options;
|
|
147
96
|
// ── Session verifier selection ──────────────────────────────────────────
|
|
148
|
-
const idpUrl = process.env['
|
|
97
|
+
const idpUrl = process.env['SOULCRAFT_AUTH_URL'];
|
|
149
98
|
const isDevMode = !idpUrl;
|
|
150
99
|
const verifySession = options.verifier
|
|
151
100
|
?? (idpUrl
|
|
@@ -242,15 +191,6 @@ export function createSoulcraftAuth(options) {
|
|
|
242
191
|
};
|
|
243
192
|
// ── Handle hook ─────────────────────────────────────────────────────────
|
|
244
193
|
const handle = async ({ event, resolve }) => {
|
|
245
|
-
// CSRF bypass for backchannel-logout — the IdP sends server-to-server
|
|
246
|
-
// POST requests without a browser origin header. Rewrite it so
|
|
247
|
-
// SvelteKit's CSRF check passes. The endpoint itself verifies the JWT.
|
|
248
|
-
if (event.url.pathname === backchannelPath &&
|
|
249
|
-
event.request.method === 'POST') {
|
|
250
|
-
const headers = new Headers(event.request.headers);
|
|
251
|
-
headers.set('origin', event.url.origin);
|
|
252
|
-
event.request = new Request(event.request, { headers });
|
|
253
|
-
}
|
|
254
194
|
// Resolve session
|
|
255
195
|
const cookieHeader = event.request.headers.get('cookie') ?? '';
|
|
256
196
|
let session = await verifySession(cookieHeader);
|
|
@@ -315,76 +255,25 @@ export function createSoulcraftAuth(options) {
|
|
|
315
255
|
}
|
|
316
256
|
return resolve(event);
|
|
317
257
|
};
|
|
318
|
-
// ── Backchannel logout handler ──────────────────────────────────────────
|
|
319
|
-
const backchannelHandler = async ({ request }) => {
|
|
320
|
-
const clientSecret = process.env['SOULCRAFT_OIDC_CLIENT_SECRET'];
|
|
321
|
-
const idpUrlEnv = process.env['SOULCRAFT_IDP_URL'];
|
|
322
|
-
const clientId = process.env['SOULCRAFT_OIDC_CLIENT_ID'] ?? product;
|
|
323
|
-
// Only operates in OIDC client mode
|
|
324
|
-
if (!clientSecret || !idpUrlEnv) {
|
|
325
|
-
return new Response(null, { status: 200 });
|
|
326
|
-
}
|
|
327
|
-
// Parse logout_token from form body
|
|
328
|
-
let logoutToken = null;
|
|
329
|
-
try {
|
|
330
|
-
const body = await request.text();
|
|
331
|
-
const params = new URLSearchParams(body);
|
|
332
|
-
logoutToken = params.get('logout_token');
|
|
333
|
-
}
|
|
334
|
-
catch {
|
|
335
|
-
return new Response('malformed request body', { status: 400 });
|
|
336
|
-
}
|
|
337
|
-
if (!logoutToken) {
|
|
338
|
-
return new Response('missing logout_token', { status: 400 });
|
|
339
|
-
}
|
|
340
|
-
// Verify JWT signature and claims
|
|
341
|
-
const payload = await verifyHS256JWT(logoutToken, clientSecret);
|
|
342
|
-
if (!payload) {
|
|
343
|
-
return new Response('invalid logout_token', { status: 400 });
|
|
344
|
-
}
|
|
345
|
-
// Validate issuer
|
|
346
|
-
const expectedIss = idpUrlEnv.replace(/\/$/, '');
|
|
347
|
-
if (payload['iss'] !== expectedIss) {
|
|
348
|
-
return new Response('invalid issuer', { status: 400 });
|
|
349
|
-
}
|
|
350
|
-
// Validate audience
|
|
351
|
-
const aud = payload['aud'];
|
|
352
|
-
const audList = Array.isArray(aud) ? aud : [String(aud ?? '')];
|
|
353
|
-
if (!audList.includes(clientId)) {
|
|
354
|
-
return new Response('invalid audience', { status: 400 });
|
|
355
|
-
}
|
|
356
|
-
// Validate events claim
|
|
357
|
-
const events = payload['events'];
|
|
358
|
-
if (!events || !(BACKCHANNEL_LOGOUT_EVENT in events)) {
|
|
359
|
-
return new Response('missing backchannel-logout event claim', { status: 400 });
|
|
360
|
-
}
|
|
361
|
-
// Validate sub claim
|
|
362
|
-
if (!payload['sub'] || typeof payload['sub'] !== 'string') {
|
|
363
|
-
return new Response('missing sub claim', { status: 400 });
|
|
364
|
-
}
|
|
365
|
-
// SvelteKit products hold no local sessions — auth state lives at the IdP.
|
|
366
|
-
// The SDK verifier's 30s LRU cache will expire naturally.
|
|
367
|
-
return new Response(null, { status: 200 });
|
|
368
|
-
};
|
|
369
258
|
// ── Logout handler ──────────────────────────────────────────────────────
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
259
|
+
// Clears the local dev cookie (if dev mode) and calls the auth server's
|
|
260
|
+
// sign-out endpoint to clear the .soulcraft.com session cookie.
|
|
261
|
+
const logoutHandler = async ({ request, cookies, url }) => {
|
|
262
|
+
if (isDevMode) {
|
|
374
263
|
cookies.delete(devCookieName, { path: '/' });
|
|
375
264
|
return new Response(JSON.stringify({ redirect: '/' }), {
|
|
376
265
|
headers: { 'Content-Type': 'application/json' },
|
|
377
266
|
});
|
|
378
267
|
}
|
|
379
|
-
//
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
}
|
|
386
|
-
|
|
387
|
-
return new Response(JSON.stringify({ redirect:
|
|
268
|
+
// Call auth server sign-out (clears the .soulcraft.com cookie)
|
|
269
|
+
try {
|
|
270
|
+
await fetch(`${idpUrl}/api/auth/sign-out`, {
|
|
271
|
+
method: 'POST',
|
|
272
|
+
headers: { cookie: request.headers.get('cookie') ?? '' },
|
|
273
|
+
});
|
|
274
|
+
}
|
|
275
|
+
catch { /* sign-out is best-effort */ }
|
|
276
|
+
return new Response(JSON.stringify({ redirect: '/' }), {
|
|
388
277
|
headers: { 'Content-Type': 'application/json' },
|
|
389
278
|
});
|
|
390
279
|
};
|
|
@@ -398,7 +287,6 @@ export function createSoulcraftAuth(options) {
|
|
|
398
287
|
startHandler,
|
|
399
288
|
callbackHandler,
|
|
400
289
|
sessionHandler,
|
|
401
|
-
backchannelHandler,
|
|
402
290
|
logoutHandler,
|
|
403
291
|
devLoginHandler,
|
|
404
292
|
verifySession,
|
|
@@ -407,11 +295,11 @@ export function createSoulcraftAuth(options) {
|
|
|
407
295
|
/**
|
|
408
296
|
* @description Build the auth.soulcraft.com login URL for redirecting unauthenticated users.
|
|
409
297
|
*
|
|
410
|
-
* In production (
|
|
298
|
+
* In production (SOULCRAFT_AUTH_URL set), returns a URL to the central IdP login page
|
|
411
299
|
* with `?redirect=`, `?product=`, and `?tenant=` query params. The IdP sets a
|
|
412
300
|
* `.soulcraft.com` cookie and redirects back to the specified URL.
|
|
413
301
|
*
|
|
414
|
-
* In dev mode (no
|
|
302
|
+
* In dev mode (no SOULCRAFT_AUTH_URL), returns `/api/dev/login?redirect=<url>` so
|
|
415
303
|
* developers hit the local dev login handler instead of the real IdP.
|
|
416
304
|
*
|
|
417
305
|
* @param options - Redirect URL, optional product and tenant context.
|
|
@@ -429,13 +317,13 @@ export function createSoulcraftAuth(options) {
|
|
|
429
317
|
* ```
|
|
430
318
|
*/
|
|
431
319
|
export function buildLoginUrl(options) {
|
|
432
|
-
const
|
|
433
|
-
if (!
|
|
320
|
+
const authUrl = process.env['SOULCRAFT_AUTH_URL'];
|
|
321
|
+
if (!authUrl) {
|
|
434
322
|
// Dev mode — use the local dev login endpoint
|
|
435
323
|
const params = new URLSearchParams({ redirect: options.redirectUrl });
|
|
436
324
|
return `/api/dev/login?${params}`;
|
|
437
325
|
}
|
|
438
|
-
// Production — redirect to the
|
|
326
|
+
// Production — redirect to the auth server login page
|
|
439
327
|
const params = new URLSearchParams({
|
|
440
328
|
redirect: options.redirectUrl,
|
|
441
329
|
});
|
|
@@ -443,6 +331,6 @@ export function buildLoginUrl(options) {
|
|
|
443
331
|
params.set('product', options.product);
|
|
444
332
|
if (options.tenant)
|
|
445
333
|
params.set('tenant', options.tenant);
|
|
446
|
-
return `${
|
|
334
|
+
return `${authUrl.replace(/\/$/, '')}/login?${params}`;
|
|
447
335
|
}
|
|
448
336
|
//# sourceMappingURL=sveltekit.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sveltekit.js","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAEH,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAA;AAG5H,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAkN9C,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,cAAc,GAAG,oCAAoC,CAAA;AAE3D;;;GAGG;AACH,MAAM,oBAAoB,GACxB,GAAG,cAAc,6EAA6E,CAAA;AAEhG,qDAAqD;AACrD,MAAM,wBAAwB,GAAG,oDAAoD,CAAA;AAErF,gFAAgF;AAChF,uDAAuD;AACvD,gFAAgF;AAEhF;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAC3B,KAAa,EACb,MAAc;IAEd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,KAAiC,CAAA;IAEzE,IAAI,GAAc,CAAA;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACjC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAA;IACjD,IAAI,QAAoB,CAAA;IACxB,IAAI,CAAC;QACH,QAAQ,GAAG,UAAU,CAAC,IAAI,CACxB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,EAClD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CACvB,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACtC,MAAM,EACN,GAAG,EACH,QAAQ,CAAC,MAAqB,EAC9B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CACvC,CAAA;IACD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IAEvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;YAC7D,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAA4B,CAAA;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAA6B;IAC/D,MAAM,EACJ,OAAO,EACP,UAAU,EACV,aAAa,GAAG,uBAAuB,EACvC,eAAe,GAAG,8BAA8B,EAChD,cAAc,GAAG,OAAO,GACzB,GAAG,OAAO,CAAA;IAEX,2EAA2E;IAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;IAC/C,MAAM,SAAS,GAAG,CAAC,MAAM,CAAA;IACzB,MAAM,aAAa,GAAoB,OAAO,CAAC,QAAQ;WAClD,CAAC,MAAM;YACR,CAAC,CAAC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;YACzC,CAAC,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC,CAAA;IAE7C,2EAA2E;IAC3E,IAAI,SAAS,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;QAClE,OAAO,CAAC,GAAG,CAAC,oBAAoB,OAAO,iBAAiB,cAAc,GAAG,CAAC,CAAA;QAC1E,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;QAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAA;QACrE,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAA;IACf,CAAC;IAED,uEAAuE;IACvE,oEAAoE;IACpE,kEAAkE;IAElE,uCAAuC;IACvC,MAAM,YAAY,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;QAC5D,MAAM,YAAY,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,GAAG,CAAA;QAErE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,cAAc,IAAI,OAAO,CAAA;YACzC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,uBAAuB,OAAO,aAAa,kBAAkB,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAClJ,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;eACrC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,OAAO;gBAC5D,CAAC,CAAC,WAAW,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;gBAC7B,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEvB,MAAM,WAAW,GAAG,GAAG,YAAY,4BAA4B,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAA;QACjG,MAAM,OAAO,GAAG,GAAG,MAAM,uBAAuB,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAA;QACjF,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;IAC5E,CAAC,CAAA;IAED,8DAA8D;IAC9D,MAAM,eAAe,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;QAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,CAAC,CAAA;QAClF,CAAC;QAED,IAAI,IAAI,GAAmC,IAAI,CAAA;QAC/C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,MAAM,gCAAgC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAA;YACvF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAA;YACpC,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAwC,CAAA;gBACnE,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAA;YAC1B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,qBAAqB,CAAC,CAAC;QAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,wCAAwC,EAAE,EAAE,CAAC,CAAA;QAC7G,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;QACzC,MAAM,WAAW,GAAqB;YACpC,IAAI,EAAE;gBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,KAAK;gBACL,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBAChC,KAAK,EAAG,IAAI,CAAC,OAAO,CAAmB,IAAI,IAAI;gBAC/C,YAAY,EAAG,IAAI,CAAC,cAAc,CAA0C,IAAI,SAAS;gBACzF,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC;aACnF;YACD,SAAS,EAAE,gBAAgB,IAAI,CAAC,GAAG,EAAE,EAAE;YACvC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SAChD,CAAA;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;QAC9E,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAA;QAChE,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,OAAO,CAAA;QAE5G,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAA;QACtF,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE;YACpC,GAAG,aAAa,IAAI,OAAO,EAAE;YAC7B,QAAQ;YACR,UAAU;YACV,cAAc;YACd,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YACtB,gBAAgB;SACjB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;QAC7B,OAAO,QAAQ,CAAA;IACjB,CAAC,CAAA;IAED,oDAAoD;IACpD,MAAM,cAAc,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;QAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAmC,CAAA;QACnE,IAAI,CAAC,IAAI;YAAE,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAA;QACzD,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,aAAa,EAAE,IAAI;YACnB,IAAI,EAAE;gBACJ,EAAE,EAAG,IAAY,CAAC,EAAE;gBACpB,KAAK,EAAG,IAAY,CAAC,KAAK;gBAC1B,IAAI,EAAG,IAAY,CAAC,IAAI;gBACxB,KAAK,EAAG,IAAY,CAAC,KAAK,IAAI,IAAI;aACnC;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,MAAM,GAAoB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE;QAC3D,sEAAsE;QACtE,+DAA+D;QAC/D,uEAAuE;QACvE,IACE,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,eAAe;YACtC,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EAC/B,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;YAClD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YACvC,KAAK,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAA;QACzD,CAAC;QAED,kBAAkB;QAClB,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QAC9D,IAAI,OAAO,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,CAAA;QAE/C,uEAAuE;QACvE,MAAM,gBAAgB,GAAG,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAC9D,IAAI,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAA;YACrC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAA;YAC3D,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,uEAAuE;QACvE,sEAAsE;QACtE,qEAAqE;QACrE,+DAA+D;QAC/D,IAAI,SAAS,IAAI,CAAC,OAAO,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,cAAc,CAAA;YAC3B,MAAM,KAAK,GAAG,OAAO,IAAI,gBAAgB,CAAA;YACzC,MAAM,WAAW,GAAqB;gBACpC,IAAI,EAAE;oBACJ,EAAE,EAAE,YAAY,IAAI,EAAE;oBACtB,KAAK;oBACL,IAAI,EAAE,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;oBAC3D,KAAK,EAAE,IAAI;oBACX,YAAY,EAAE,IAAI;oBAClB,SAAS,EAAE,gBAAgB,CAAC,KAAK,CAAC;iBACnC;gBACD,SAAS,EAAE,oBAAoB,IAAI,CAAC,GAAG,EAAE,EAAE;gBAC3C,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU;aACnC,CAAA;YAED,OAAO,GAAG,WAAW,CAAA;YAErB,oEAAoE;YACpE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;YAClF,MAAM,SAAS,GAAG;gBAChB,GAAG,aAAa,IAAI,WAAW,EAAE;gBACjC,QAAQ;gBACR,UAAU;gBACV,cAAc;gBACd,eAAe;aAChB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAEZ,kEAAkE;YAClE,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,SAAS,EAAE,CAAA;YAChG,MAAM,IAAI,GAAG,UAAU;gBACrB,CAAC,CAAC,MAAM,UAAU,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC;gBAC3C,CAAC,CAAC,WAAW,CAAC,IAAI,CAAA;YACpB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;YAE3B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAA;YACrC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;YAChD,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO;YAC/B,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;YAChE,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,UAAU;gBACrB,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;gBACvC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;YAChB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;QAED,OAAO,OAAO,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,kBAAkB,GAA4B,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACxE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAA;QAChE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,OAAO,CAAA;QAEnE,oCAAoC;QACpC,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC5C,CAAC;QAED,oCAAoC;QACpC,IAAI,WAAW,GAAkB,IAAI,CAAA;QACrC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;YACjC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAA;YACxC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,QAAQ,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAChE,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,QAAQ,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9D,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,YAAY,CAAC,CAAA;QAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,QAAQ,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9D,CAAC;QAED,kBAAkB;QAClB,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;QAChD,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,WAAW,EAAE,CAAC;YACnC,OAAO,IAAI,QAAQ,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QACxD,CAAC;QAED,oBAAoB;QACpB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;QAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAe,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAA;QAC1E,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,QAAQ,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC1D,CAAC;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAwC,CAAA;QACvE,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,wBAAwB,IAAI,MAAM,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,QAAQ,CAAC,wCAAwC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAChF,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1D,OAAO,IAAI,QAAQ,CAAC,mBAAmB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC3D,CAAC;QAED,2EAA2E;QAC3E,0DAA0D;QAC1D,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC5C,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,aAAa,GAA4B,KAAK,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE;QACxE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAElD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,4DAA4D;YAC5D,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;gBACrD,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAA;QACJ,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,OAAO,CAAA;QACnE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAA;QAChF,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,QAAQ;YACnB,wBAAwB,EAAE,GAAG,OAAO,GAAG;SACxC,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,GAAG,SAAS,+BAA+B,MAAM,EAAE,CAAA;QACzE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YAC/D,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,0EAA0E;IAC1E,MAAM,WAAW,GAAG,4BAA4B,CAAC;QAC/C,UAAU,EAAE,aAAa;KAC1B,CAAC,CAAA;IACF,MAAM,eAAe,GAAG,CAAC,KAAqB,EAAY,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IAEvF,OAAO;QACL,MAAM;QACN,YAAY;QACZ,eAAe;QACf,cAAc;QACd,kBAAkB;QAClB,aAAa;QACb,eAAe;QACf,aAAa;KACd,CAAA;AACH,CAAC;AA8BD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,aAAa,CAAC,OAA6B;IACzD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;IAE/C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,8CAA8C;QAC9C,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;QACrE,OAAO,kBAAkB,MAAM,EAAE,CAAA;IACnC,CAAC;IAED,sDAAsD;IACtD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,QAAQ,EAAE,OAAO,CAAC,WAAW;KAC9B,CAAC,CAAA;IACF,IAAI,OAAO,CAAC,OAAO;QAAE,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;IAC3D,IAAI,OAAO,CAAC,MAAM;QAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;IAExD,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,MAAM,EAAE,CAAA;AACvD,CAAC"}
|
|
1
|
+
{"version":3,"file":"sveltekit.js","sourceRoot":"","sources":["../../../src/modules/auth/sveltekit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAEH,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAA;AAG5H,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AA2L9C,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,cAAc,GAAG,oCAAoC,CAAA;AAE3D;;;GAGG;AACH,MAAM,oBAAoB,GACxB,GAAG,cAAc,6EAA6E,CAAA;AAEhG,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAA6B;IAC/D,MAAM,EACJ,OAAO,EACP,UAAU,EACV,aAAa,GAAG,uBAAuB,EACvC,cAAc,GAAG,OAAO,GACzB,GAAG,OAAO,CAAA;IAEX,2EAA2E;IAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;IAChD,MAAM,SAAS,GAAG,CAAC,MAAM,CAAA;IACzB,MAAM,aAAa,GAAoB,OAAO,CAAC,QAAQ;WAClD,CAAC,MAAM;YACR,CAAC,CAAC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;YACzC,CAAC,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC,CAAA;IAE7C,2EAA2E;IAC3E,IAAI,SAAS,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;QAClE,OAAO,CAAC,GAAG,CAAC,oBAAoB,OAAO,iBAAiB,cAAc,GAAG,CAAC,CAAA;QAC1E,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;QAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAA;QACrE,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAA;IACf,CAAC;IAED,uEAAuE;IACvE,oEAAoE;IACpE,kEAAkE;IAElE,uCAAuC;IACvC,MAAM,YAAY,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;QAC5D,MAAM,YAAY,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,GAAG,CAAA;QAErE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,cAAc,IAAI,OAAO,CAAA;YACzC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,uBAAuB,OAAO,aAAa,kBAAkB,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAClJ,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;eACrC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,OAAO;gBAC5D,CAAC,CAAC,WAAW,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;gBAC7B,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAEvB,MAAM,WAAW,GAAG,GAAG,YAAY,4BAA4B,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAA;QACjG,MAAM,OAAO,GAAG,GAAG,MAAM,uBAAuB,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAA;QACjF,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,CAAA;IAC5E,CAAC,CAAA;IAED,8DAA8D;IAC9D,MAAM,eAAe,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;QAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,CAAC,CAAA;QAClF,CAAC;QAED,IAAI,IAAI,GAAmC,IAAI,CAAA;QAC/C,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,MAAM,gCAAgC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAA;YACvF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAA;YACpC,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAwC,CAAA;gBACnE,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAA;YAC1B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,qBAAqB,CAAC,CAAC;QAEjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,wCAAwC,EAAE,EAAE,CAAC,CAAA;QAC7G,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;QACzC,MAAM,WAAW,GAAqB;YACpC,IAAI,EAAE;gBACJ,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,KAAK;gBACL,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBAChC,KAAK,EAAG,IAAI,CAAC,OAAO,CAAmB,IAAI,IAAI;gBAC/C,YAAY,EAAG,IAAI,CAAC,cAAc,CAA0C,IAAI,SAAS;gBACzF,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC;aACnF;YACD,SAAS,EAAE,gBAAgB,IAAI,CAAC,GAAG,EAAE,EAAE;YACvC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SAChD,CAAA;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;QAC9E,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAA;QAChE,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,OAAO,CAAA;QAE5G,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAA;QACtF,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE;YACpC,GAAG,aAAa,IAAI,OAAO,EAAE;YAC7B,QAAQ;YACR,UAAU;YACV,cAAc;YACd,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YACtB,gBAAgB;SACjB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;QAC7B,OAAO,QAAQ,CAAA;IACjB,CAAC,CAAA;IAED,oDAAoD;IACpD,MAAM,cAAc,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;QAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAmC,CAAA;QACnE,IAAI,CAAC,IAAI;YAAE,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAA;QACzD,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,aAAa,EAAE,IAAI;YACnB,IAAI,EAAE;gBACJ,EAAE,EAAG,IAAY,CAAC,EAAE;gBACpB,KAAK,EAAG,IAAY,CAAC,KAAK;gBAC1B,IAAI,EAAG,IAAY,CAAC,IAAI;gBACxB,KAAK,EAAG,IAAY,CAAC,KAAK,IAAI,IAAI;aACnC;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,2EAA2E;IAC3E,MAAM,MAAM,GAAoB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE;QAC3D,kBAAkB;QAClB,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QAC9D,IAAI,OAAO,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,CAAA;QAE/C,uEAAuE;QACvE,MAAM,gBAAgB,GAAG,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;QAC9D,IAAI,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAA;YACrC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAA;YAC3D,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,uEAAuE;QACvE,sEAAsE;QACtE,qEAAqE;QACrE,+DAA+D;QAC/D,IAAI,SAAS,IAAI,CAAC,OAAO,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,cAAc,CAAA;YAC3B,MAAM,KAAK,GAAG,OAAO,IAAI,gBAAgB,CAAA;YACzC,MAAM,WAAW,GAAqB;gBACpC,IAAI,EAAE;oBACJ,EAAE,EAAE,YAAY,IAAI,EAAE;oBACtB,KAAK;oBACL,IAAI,EAAE,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;oBAC3D,KAAK,EAAE,IAAI;oBACX,YAAY,EAAE,IAAI;oBAClB,SAAS,EAAE,gBAAgB,CAAC,KAAK,CAAC;iBACnC;gBACD,SAAS,EAAE,oBAAoB,IAAI,CAAC,GAAG,EAAE,EAAE;gBAC3C,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU;aACnC,CAAA;YAED,OAAO,GAAG,WAAW,CAAA;YAErB,oEAAoE;YACpE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;YAClF,MAAM,SAAS,GAAG;gBAChB,GAAG,aAAa,IAAI,WAAW,EAAE;gBACjC,QAAQ;gBACR,UAAU;gBACV,cAAc;gBACd,eAAe;aAChB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAEZ,kEAAkE;YAClE,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,SAAS,EAAE,CAAA;YAChG,MAAM,IAAI,GAAG,UAAU;gBACrB,CAAC,CAAC,MAAM,UAAU,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC;gBAC3C,CAAC,CAAC,WAAW,CAAC,IAAI,CAAA;YACpB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;YAE3B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAA;YACrC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;YAChD,OAAO,QAAQ,CAAA;QACjB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO;YAC/B,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;YAChE,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,UAAU;gBACrB,CAAC,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;gBACvC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;YAChB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;QAC7B,CAAC;QAED,OAAO,OAAO,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC,CAAA;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,gEAAgE;IAChE,MAAM,aAAa,GAA4B,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE;QACjF,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;gBACrD,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAA;QACJ,CAAC;QAED,+DAA+D;QAC/D,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,GAAG,MAAM,oBAAoB,EAAE;gBACzC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE;aACzD,CAAC,CAAA;QACJ,CAAC;QAAC,MAAM,CAAC,CAAC,6BAA6B,CAAC,CAAC;QAEzC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;YACrD,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,0EAA0E;IAC1E,MAAM,WAAW,GAAG,4BAA4B,CAAC;QAC/C,UAAU,EAAE,aAAa;KAC1B,CAAC,CAAA;IACF,MAAM,eAAe,GAAG,CAAC,KAAqB,EAAY,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IAEvF,OAAO;QACL,MAAM;QACN,YAAY;QACZ,eAAe;QACf,cAAc;QACd,aAAa;QACb,eAAe;QACf,aAAa;KACd,CAAA;AACH,CAAC;AA8BD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,aAAa,CAAC,OAA6B;IACzD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;IAEjD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,8CAA8C;QAC9C,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;QACrE,OAAO,kBAAkB,MAAM,EAAE,CAAA;IACnC,CAAC;IAED,sDAAsD;IACtD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,QAAQ,EAAE,OAAO,CAAC,WAAW;KAC9B,CAAC,CAAA;IACF,IAAI,OAAO,CAAC,OAAO;QAAE,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;IAC3D,IAAI,OAAO,CAAC,MAAM;QAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;IAExD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,MAAM,EAAE,CAAA;AACxD,CAAC"}
|
|
@@ -123,34 +123,6 @@ export interface SoulcraftSession {
|
|
|
123
123
|
/** Session expiry timestamp (Unix milliseconds). */
|
|
124
124
|
expiresAt: number;
|
|
125
125
|
}
|
|
126
|
-
/**
|
|
127
|
-
* Configuration for a product registering as an OIDC client of the central IdP.
|
|
128
|
-
*
|
|
129
|
-
* Used when `SOULCRAFT_IDP_URL` is set. Without it, each product runs
|
|
130
|
-
* better-auth standalone with its own SQLite auth database.
|
|
131
|
-
*/
|
|
132
|
-
export interface OIDCClientConfig {
|
|
133
|
-
/** The central IdP base URL. @example "https://auth.soulcraft.com" */
|
|
134
|
-
idpUrl: string;
|
|
135
|
-
/** This product's OIDC client ID as registered with the central IdP. */
|
|
136
|
-
clientId: string;
|
|
137
|
-
/** This product's OIDC client secret. */
|
|
138
|
-
clientSecret: string;
|
|
139
|
-
/**
|
|
140
|
-
* This product's redirect URI for OIDC callbacks.
|
|
141
|
-
*
|
|
142
|
-
* Optional — better-auth's genericOAuth plugin derives it automatically from
|
|
143
|
-
* `BETTER_AUTH_URL` as `${BETTER_AUTH_URL}/api/auth/oauth2/callback/:providerId`.
|
|
144
|
-
*/
|
|
145
|
-
redirectUri?: string;
|
|
146
|
-
}
|
|
147
|
-
/**
|
|
148
|
-
* The SSO mode this product instance is operating in.
|
|
149
|
-
*
|
|
150
|
-
* - `standalone` — better-auth handles auth locally (dev or before central IdP)
|
|
151
|
-
* - `oidc-client` — better-auth delegates to auth.soulcraft.com
|
|
152
|
-
*/
|
|
153
|
-
export type AuthMode = 'standalone' | 'oidc-client';
|
|
154
126
|
/**
|
|
155
127
|
* @description The sdk.auth namespace on SoulcraftSDK.
|
|
156
128
|
*
|