@spfn/auth 0.2.0-beta.12 → 0.2.0-beta.14

package/dist/server.js

@@ -1359,7 +1359,7 @@ var init_literal2 = __esm({
 });
 
 // ../../node_modules/.pnpm/@sinclair+typebox@0.34.41/node_modules/@sinclair/typebox/build/esm/type/boolean/boolean.mjs
-function Boolean(options) {
+function Boolean2(options) {
   return CreateType({ [Kind]: "Boolean", type: "boolean" }, options);
 }
 var init_boolean = __esm({
@@ -1441,7 +1441,7 @@ var init_string2 = __esm({
 // ../../node_modules/.pnpm/@sinclair+typebox@0.34.41/node_modules/@sinclair/typebox/build/esm/type/template-literal/syntax.mjs
 function* FromUnion(syntax) {
   const trim = syntax.trim().replace(/"|'/g, "");
-  return trim === "boolean" ? yield Boolean() : trim === "number" ? yield Number2() : trim === "bigint" ? yield BigInt() : trim === "string" ? yield String2() : yield (() => {
+  return trim === "boolean" ? yield Boolean2() : trim === "number" ? yield Number2() : trim === "bigint" ? yield BigInt() : trim === "string" ? yield String2() : yield (() => {
     const literals = trim.split("|").map((literal) => Literal(literal.trim()));
     return literals.length === 0 ? Never() : literals.length === 1 ? literals[0] : UnionEvaluated(literals);
   })();
@@ -4244,7 +4244,7 @@ __export(type_exports3, {
   AsyncIterator: () => AsyncIterator,
   Awaited: () => Awaited,
   BigInt: () => BigInt,
-  Boolean: () => Boolean,
+  Boolean: () => Boolean2,
   Capitalize: () => Capitalize,
   Composite: () => Composite,
   Const: () => Const,
@@ -7679,13 +7679,21 @@ function getGoogleOAuthConfig() {
     redirectUri
   };
 }
-function getGoogleAuthUrl(state, scopes = ["email", "profile"]) {
+function getDefaultScopes() {
+  const envScopes = env5.SPFN_AUTH_GOOGLE_SCOPES;
+  if (envScopes) {
+    return envScopes.split(",").map((s) => s.trim()).filter(Boolean);
+  }
+  return ["email", "profile"];
+}
+function getGoogleAuthUrl(state, scopes) {
+  const resolvedScopes = scopes ?? getDefaultScopes();
   const config = getGoogleOAuthConfig();
   const params = new URLSearchParams({
     client_id: config.clientId,
     redirect_uri: config.redirectUri,
     response_type: "code",
-    scope: scopes.join(" "),
+    scope: resolvedScopes.join(" "),
     state,
     access_type: "offline",
     // refresh_token 받기 위해
@@ -7947,6 +7955,31 @@ function getEnabledOAuthProviders() {
   }
   return providers;
 }
+var TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1e3;
+async function getGoogleAccessToken(userId) {
+  const account = await socialAccountsRepository.findByUserIdAndProvider(userId, "google");
+  if (!account) {
+    throw new ValidationError2({
+      message: "No Google account linked. User must sign in with Google first."
+    });
+  }
+  const isExpired = !account.tokenExpiresAt || account.tokenExpiresAt.getTime() < Date.now() + TOKEN_EXPIRY_BUFFER_MS;
+  if (!isExpired && account.accessToken) {
+    return account.accessToken;
+  }
+  if (!account.refreshToken) {
+    throw new ValidationError2({
+      message: "Google refresh token not available. User must re-authenticate with Google."
+    });
+  }
+  const tokens = await refreshAccessToken(account.refreshToken);
+  await socialAccountsRepository.updateTokens(account.id, {
+    accessToken: tokens.access_token,
+    refreshToken: tokens.refresh_token ?? account.refreshToken,
+    tokenExpiresAt: new Date(Date.now() + tokens.expires_in * 1e3)
+  });
+  return tokens.access_token;
+}
 
 // src/server/routes/auth/index.ts
 init_esm();
@@ -9077,6 +9110,7 @@ export {
   getAuthConfig,
   getAuthSessionService,
   getEnabledOAuthProviders,
+  getGoogleAccessToken,
   getGoogleAuthUrl,
   getGoogleOAuthConfig,
   getGoogleUserInfo,