@spfn/auth 0.2.0-beta.3 → 0.2.0-beta.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/README.md +689 -180
  2. package/dist/{dto-CLYtuAom.d.ts → authenticate-Brx2N-Ip.d.ts} +413 -147
  3. package/dist/config.d.ts +100 -44
  4. package/dist/config.js +64 -35
  5. package/dist/config.js.map +1 -1
  6. package/dist/errors.d.ts +16 -2
  7. package/dist/errors.js +12 -0
  8. package/dist/errors.js.map +1 -1
  9. package/dist/index.d.ts +279 -100
  10. package/dist/index.js +47 -1
  11. package/dist/index.js.map +1 -1
  12. package/dist/nextjs/api.js +202 -1
  13. package/dist/nextjs/api.js.map +1 -1
  14. package/dist/nextjs/client.d.ts +28 -0
  15. package/dist/nextjs/client.js +80 -0
  16. package/dist/nextjs/client.js.map +1 -0
  17. package/dist/nextjs/server.d.ts +89 -2
  18. package/dist/nextjs/server.js +147 -22
  19. package/dist/nextjs/server.js.map +1 -1
  20. package/dist/server.d.ts +576 -360
  21. package/dist/server.js +1089 -484
  22. package/dist/server.js.map +1 -1
  23. package/migrations/0001_smooth_the_fury.sql +3 -0
  24. package/migrations/meta/0001_snapshot.json +1660 -0
  25. package/migrations/meta/_journal.json +7 -0
  26. package/package.json +14 -10
package/dist/config.d.ts CHANGED
@@ -31,8 +31,9 @@ declare const authEnvSchema: {
31
31
  description: string;
32
32
  required: boolean;
33
33
  fallbackKeys: string[];
34
- validator: _spfn_core_env.Parser<string>;
34
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
35
35
  sensitive: boolean;
36
+ nextjs: boolean;
36
37
  examples: string[];
37
38
  type: "string";
38
39
  } & {
@@ -42,8 +43,10 @@ declare const authEnvSchema: {
42
43
  description: string;
43
44
  default: string;
44
45
  required: boolean;
46
+ nextjs: boolean;
45
47
  examples: string[];
46
48
  type: "string";
49
+ validator: (value: string) => string;
47
50
  } & {
48
51
  key: "SPFN_AUTH_SESSION_TTL";
49
52
  };
@@ -53,6 +56,7 @@ declare const authEnvSchema: {
53
56
  required: boolean;
54
57
  examples: string[];
55
58
  type: "string";
59
+ validator: (value: string) => string;
56
60
  } & {
57
61
  key: "SPFN_AUTH_JWT_SECRET";
58
62
  };
@@ -62,6 +66,7 @@ declare const authEnvSchema: {
62
66
  required: boolean;
63
67
  examples: string[];
64
68
  type: "string";
69
+ validator: (value: string) => string;
65
70
  } & {
66
71
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
67
72
  };
@@ -81,6 +86,7 @@ declare const authEnvSchema: {
81
86
  required: boolean;
82
87
  examples: string[];
83
88
  type: "string";
89
+ validator: (value: string) => string;
84
90
  } & {
85
91
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
86
92
  };
@@ -89,6 +95,7 @@ declare const authEnvSchema: {
89
95
  required: boolean;
90
96
  examples: string[];
91
97
  type: "string";
98
+ validator: (value: string) => string;
92
99
  } & {
93
100
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
94
101
  };
@@ -97,6 +104,7 @@ declare const authEnvSchema: {
97
104
  required: boolean;
98
105
  examples: string[];
99
106
  type: "string";
107
+ validator: (value: string) => string;
100
108
  } & {
101
109
  key: "SPFN_AUTH_ADMIN_EMAILS";
102
110
  };
@@ -105,6 +113,7 @@ declare const authEnvSchema: {
105
113
  required: boolean;
106
114
  examples: string[];
107
115
  type: "string";
116
+ validator: (value: string) => string;
108
117
  } & {
109
118
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
110
119
  };
@@ -113,6 +122,7 @@ declare const authEnvSchema: {
113
122
  required: boolean;
114
123
  examples: string[];
115
124
  type: "string";
125
+ validator: (value: string) => string;
116
126
  } & {
117
127
  key: "SPFN_AUTH_ADMIN_ROLES";
118
128
  };
@@ -121,13 +131,14 @@ declare const authEnvSchema: {
121
131
  required: boolean;
122
132
  examples: string[];
123
133
  type: "string";
134
+ validator: (value: string) => string;
124
135
  } & {
125
136
  key: "SPFN_AUTH_ADMIN_EMAIL";
126
137
  };
127
138
  SPFN_AUTH_ADMIN_PASSWORD: {
128
139
  description: string;
129
140
  required: boolean;
130
- validator: _spfn_core_env.Parser<string>;
141
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
131
142
  sensitive: boolean;
132
143
  examples: string[];
133
144
  type: "string";
@@ -140,77 +151,94 @@ declare const authEnvSchema: {
140
151
  required: boolean;
141
152
  examples: string[];
142
153
  type: "string";
154
+ validator: (value: string) => string;
143
155
  } & {
144
156
  key: "SPFN_API_URL";
145
157
  };
146
- SPFN_AUTH_AWS_REGION: {
158
+ NEXT_PUBLIC_SPFN_API_URL: {
147
159
  description: string;
148
- default: string;
149
160
  required: boolean;
150
161
  examples: string[];
151
162
  type: "string";
163
+ validator: (value: string) => string;
152
164
  } & {
153
- key: "SPFN_AUTH_AWS_REGION";
165
+ key: "NEXT_PUBLIC_SPFN_API_URL";
154
166
  };
155
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
167
+ SPFN_APP_URL: {
156
168
  description: string;
169
+ default: string;
157
170
  required: boolean;
158
- sensitive: boolean;
159
171
  examples: string[];
160
172
  type: "string";
173
+ validator: (value: string) => string;
161
174
  } & {
162
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
175
+ key: "SPFN_APP_URL";
163
176
  };
164
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
177
+ NEXT_PUBLIC_SPFN_APP_URL: {
165
178
  description: string;
166
179
  required: boolean;
167
- sensitive: boolean;
168
180
  examples: string[];
169
181
  type: "string";
182
+ validator: (value: string) => string;
170
183
  } & {
171
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
184
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
172
185
  };
173
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
186
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
174
187
  description: string;
175
188
  required: boolean;
176
189
  examples: string[];
177
190
  type: "string";
191
+ validator: (value: string) => string;
178
192
  } & {
179
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
193
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
180
194
  };
181
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
195
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
182
196
  description: string;
183
197
  required: boolean;
184
198
  sensitive: boolean;
185
199
  examples: string[];
186
200
  type: "string";
201
+ validator: (value: string) => string;
187
202
  } & {
188
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
203
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
189
204
  };
190
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
205
+ SPFN_AUTH_GOOGLE_SCOPES: {
191
206
  description: string;
192
207
  required: boolean;
193
- sensitive: boolean;
194
208
  examples: string[];
195
209
  type: "string";
210
+ validator: (value: string) => string;
196
211
  } & {
197
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
212
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
198
213
  };
199
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
214
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
200
215
  description: string;
201
216
  required: boolean;
202
217
  examples: string[];
203
218
  type: "string";
219
+ validator: (value: string) => string;
204
220
  } & {
205
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
221
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
206
222
  };
207
- SPFN_AUTH_AWS_SES_FROM_NAME: {
223
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
208
224
  description: string;
209
225
  required: boolean;
226
+ default: string;
227
+ examples: string[];
228
+ type: "string";
229
+ validator: (value: string) => string;
230
+ } & {
231
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
232
+ };
233
+ SPFN_AUTH_OAUTH_ERROR_URL: {
234
+ description: string;
235
+ required: boolean;
236
+ default: string;
210
237
  examples: string[];
211
238
  type: "string";
239
+ validator: (value: string) => string;
212
240
  } & {
213
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
241
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
214
242
  };
215
243
  };
216
244
 
@@ -219,8 +247,9 @@ declare const env: _spfn_core_env.InferEnvType<{
219
247
  description: string;
220
248
  required: boolean;
221
249
  fallbackKeys: string[];
222
- validator: _spfn_core_env.Parser<string>;
250
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
223
251
  sensitive: boolean;
252
+ nextjs: boolean;
224
253
  examples: string[];
225
254
  type: "string";
226
255
  } & {
@@ -230,8 +259,10 @@ declare const env: _spfn_core_env.InferEnvType<{
230
259
  description: string;
231
260
  default: string;
232
261
  required: boolean;
262
+ nextjs: boolean;
233
263
  examples: string[];
234
264
  type: "string";
265
+ validator: (value: string) => string;
235
266
  } & {
236
267
  key: "SPFN_AUTH_SESSION_TTL";
237
268
  };
@@ -241,6 +272,7 @@ declare const env: _spfn_core_env.InferEnvType<{
241
272
  required: boolean;
242
273
  examples: string[];
243
274
  type: "string";
275
+ validator: (value: string) => string;
244
276
  } & {
245
277
  key: "SPFN_AUTH_JWT_SECRET";
246
278
  };
@@ -250,6 +282,7 @@ declare const env: _spfn_core_env.InferEnvType<{
250
282
  required: boolean;
251
283
  examples: string[];
252
284
  type: "string";
285
+ validator: (value: string) => string;
253
286
  } & {
254
287
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
255
288
  };
@@ -269,6 +302,7 @@ declare const env: _spfn_core_env.InferEnvType<{
269
302
  required: boolean;
270
303
  examples: string[];
271
304
  type: "string";
305
+ validator: (value: string) => string;
272
306
  } & {
273
307
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
274
308
  };
@@ -277,6 +311,7 @@ declare const env: _spfn_core_env.InferEnvType<{
277
311
  required: boolean;
278
312
  examples: string[];
279
313
  type: "string";
314
+ validator: (value: string) => string;
280
315
  } & {
281
316
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
282
317
  };
@@ -285,6 +320,7 @@ declare const env: _spfn_core_env.InferEnvType<{
285
320
  required: boolean;
286
321
  examples: string[];
287
322
  type: "string";
323
+ validator: (value: string) => string;
288
324
  } & {
289
325
  key: "SPFN_AUTH_ADMIN_EMAILS";
290
326
  };
@@ -293,6 +329,7 @@ declare const env: _spfn_core_env.InferEnvType<{
293
329
  required: boolean;
294
330
  examples: string[];
295
331
  type: "string";
332
+ validator: (value: string) => string;
296
333
  } & {
297
334
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
298
335
  };
@@ -301,6 +338,7 @@ declare const env: _spfn_core_env.InferEnvType<{
301
338
  required: boolean;
302
339
  examples: string[];
303
340
  type: "string";
341
+ validator: (value: string) => string;
304
342
  } & {
305
343
  key: "SPFN_AUTH_ADMIN_ROLES";
306
344
  };
@@ -309,13 +347,14 @@ declare const env: _spfn_core_env.InferEnvType<{
309
347
  required: boolean;
310
348
  examples: string[];
311
349
  type: "string";
350
+ validator: (value: string) => string;
312
351
  } & {
313
352
  key: "SPFN_AUTH_ADMIN_EMAIL";
314
353
  };
315
354
  SPFN_AUTH_ADMIN_PASSWORD: {
316
355
  description: string;
317
356
  required: boolean;
318
- validator: _spfn_core_env.Parser<string>;
357
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
319
358
  sensitive: boolean;
320
359
  examples: string[];
321
360
  type: "string";
@@ -328,77 +367,94 @@ declare const env: _spfn_core_env.InferEnvType<{
328
367
  required: boolean;
329
368
  examples: string[];
330
369
  type: "string";
370
+ validator: (value: string) => string;
331
371
  } & {
332
372
  key: "SPFN_API_URL";
333
373
  };
334
- SPFN_AUTH_AWS_REGION: {
374
+ NEXT_PUBLIC_SPFN_API_URL: {
335
375
  description: string;
336
- default: string;
337
376
  required: boolean;
338
377
  examples: string[];
339
378
  type: "string";
379
+ validator: (value: string) => string;
340
380
  } & {
341
- key: "SPFN_AUTH_AWS_REGION";
381
+ key: "NEXT_PUBLIC_SPFN_API_URL";
342
382
  };
343
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
383
+ SPFN_APP_URL: {
344
384
  description: string;
385
+ default: string;
345
386
  required: boolean;
346
- sensitive: boolean;
347
387
  examples: string[];
348
388
  type: "string";
389
+ validator: (value: string) => string;
349
390
  } & {
350
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
391
+ key: "SPFN_APP_URL";
351
392
  };
352
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
393
+ NEXT_PUBLIC_SPFN_APP_URL: {
353
394
  description: string;
354
395
  required: boolean;
355
- sensitive: boolean;
356
396
  examples: string[];
357
397
  type: "string";
398
+ validator: (value: string) => string;
358
399
  } & {
359
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
400
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
360
401
  };
361
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
402
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
362
403
  description: string;
363
404
  required: boolean;
364
405
  examples: string[];
365
406
  type: "string";
407
+ validator: (value: string) => string;
366
408
  } & {
367
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
409
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
368
410
  };
369
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
411
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
370
412
  description: string;
371
413
  required: boolean;
372
414
  sensitive: boolean;
373
415
  examples: string[];
374
416
  type: "string";
417
+ validator: (value: string) => string;
375
418
  } & {
376
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
419
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
377
420
  };
378
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
421
+ SPFN_AUTH_GOOGLE_SCOPES: {
379
422
  description: string;
380
423
  required: boolean;
381
- sensitive: boolean;
382
424
  examples: string[];
383
425
  type: "string";
426
+ validator: (value: string) => string;
384
427
  } & {
385
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
428
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
386
429
  };
387
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
430
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
388
431
  description: string;
389
432
  required: boolean;
390
433
  examples: string[];
391
434
  type: "string";
435
+ validator: (value: string) => string;
392
436
  } & {
393
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
437
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
394
438
  };
395
- SPFN_AUTH_AWS_SES_FROM_NAME: {
439
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
396
440
  description: string;
397
441
  required: boolean;
442
+ default: string;
443
+ examples: string[];
444
+ type: "string";
445
+ validator: (value: string) => string;
446
+ } & {
447
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
448
+ };
449
+ SPFN_AUTH_OAUTH_ERROR_URL: {
450
+ description: string;
451
+ required: boolean;
452
+ default: string;
398
453
  examples: string[];
399
454
  type: "string";
455
+ validator: (value: string) => string;
400
456
  } & {
401
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
457
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
402
458
  };
403
459
  }>;
404
460
 
package/dist/config.js CHANGED
@@ -24,6 +24,8 @@ var authEnvSchema = defineEnvSchema({
24
24
  minEntropy: 3.5
25
25
  }),
26
26
  sensitive: true,
27
+ nextjs: true,
28
+ // Required for Next.js RSC session validation
27
29
  examples: [
28
30
  "my-super-secret-session-key-at-least-32-chars-long",
29
31
  "use-a-cryptographically-secure-random-string-here"
@@ -35,6 +37,8 @@ var authEnvSchema = defineEnvSchema({
35
37
  description: "Session TTL (time to live) - supports duration strings like '7d', '12h', '45m'",
36
38
  default: "7d",
37
39
  required: false,
40
+ nextjs: true,
41
+ // May be needed for session validation in Next.js RSC
38
42
  examples: ["7d", "30d", "12h", "45m", "3600"]
39
43
  })
40
44
  },
@@ -152,7 +156,7 @@ var authEnvSchema = defineEnvSchema({
152
156
  // ============================================================================
153
157
  SPFN_API_URL: {
154
158
  ...envString({
155
- description: "Base API URL for invitation links and other external-facing URLs",
159
+ description: "Internal API URL for server-to-server communication",
156
160
  default: "http://localhost:8790",
157
161
  required: false,
158
162
  examples: [
@@ -161,71 +165,96 @@ var authEnvSchema = defineEnvSchema({
161
165
  ]
162
166
  })
163
167
  },
164
- // ============================================================================
165
- // AWS SNS Configuration (SMS)
166
- // ============================================================================
167
- SPFN_AUTH_AWS_REGION: {
168
+ NEXT_PUBLIC_SPFN_API_URL: {
168
169
  ...envString({
169
- description: "AWS region for SNS service",
170
- default: "ap-northeast-2",
170
+ description: "Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.",
171
171
  required: false,
172
- examples: ["ap-northeast-2", "us-east-1", "eu-west-1"]
172
+ examples: [
173
+ "https://api.example.com",
174
+ "http://localhost:8790"
175
+ ]
173
176
  })
174
177
  },
175
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
178
+ SPFN_APP_URL: {
176
179
  ...envString({
177
- description: "AWS SNS access key ID (optional, uses default credentials chain if not provided)",
180
+ description: "Next.js application URL (internal). Used for server-to-server communication.",
181
+ default: "http://localhost:3000",
178
182
  required: false,
179
- sensitive: true,
180
- examples: ["AKIAIOSFODNN7EXAMPLE"]
183
+ examples: [
184
+ "https://app.example.com",
185
+ "http://localhost:3000"
186
+ ]
181
187
  })
182
188
  },
183
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
189
+ NEXT_PUBLIC_SPFN_APP_URL: {
184
190
  ...envString({
185
- description: "AWS SNS secret access key (optional, uses default credentials chain if not provided)",
191
+ description: "Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.",
186
192
  required: false,
187
- sensitive: true,
188
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
193
+ examples: [
194
+ "https://app.example.com",
195
+ "http://localhost:3000"
196
+ ]
189
197
  })
190
198
  },
191
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
199
+ // ============================================================================
200
+ // OAuth Configuration - Google
201
+ // ============================================================================
202
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
192
203
  ...envString({
193
- description: "SMS sender ID displayed to recipients (max 11 characters, alphanumeric)",
204
+ description: "Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.",
194
205
  required: false,
195
- examples: ["MyApp", "YourBrand"]
206
+ examples: ["123456789-abc123.apps.googleusercontent.com"]
196
207
  })
197
208
  },
198
- // ============================================================================
199
- // AWS SES Configuration (Email)
200
- // ============================================================================
201
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
209
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
202
210
  ...envString({
203
- description: "AWS SES access key ID (optional, uses default credentials chain if not provided)",
211
+ description: "Google OAuth 2.0 Client Secret",
204
212
  required: false,
205
213
  sensitive: true,
206
- examples: ["AKIAIOSFODNN7EXAMPLE"]
214
+ examples: ["GOCSPX-abcdefghijklmnop"]
207
215
  })
208
216
  },
209
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
217
+ SPFN_AUTH_GOOGLE_SCOPES: {
210
218
  ...envString({
211
- description: "AWS SES secret access key (optional, uses default credentials chain if not provided)",
219
+ description: 'Comma-separated Google OAuth scopes. Defaults to "email,profile" if not set.',
212
220
  required: false,
213
- sensitive: true,
214
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
221
+ examples: [
222
+ "email,profile",
223
+ "email,profile,https://www.googleapis.com/auth/gmail.readonly",
224
+ "email,profile,https://www.googleapis.com/auth/calendar.readonly"
225
+ ]
226
+ })
227
+ },
228
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
229
+ ...envString({
230
+ description: "Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback",
231
+ required: false,
232
+ examples: [
233
+ "https://api.example.com/_auth/oauth/google/callback",
234
+ "http://localhost:8790/_auth/oauth/google/callback"
235
+ ]
215
236
  })
216
237
  },
217
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
238
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
218
239
  ...envString({
219
- description: "Sender email address (must be verified in AWS SES)",
240
+ description: "OAuth callback page URL. This page should use OAuthCallback component to finalize session.",
220
241
  required: false,
221
- examples: ["noreply@example.com", "auth@yourdomain.com"]
242
+ default: "/auth/callback",
243
+ examples: [
244
+ "/auth/callback",
245
+ "https://app.example.com/auth/callback"
246
+ ]
222
247
  })
223
248
  },
224
- SPFN_AUTH_AWS_SES_FROM_NAME: {
249
+ SPFN_AUTH_OAUTH_ERROR_URL: {
225
250
  ...envString({
226
- description: "Sender display name",
251
+ description: "URL to redirect after OAuth error. Use {error} placeholder for error message.",
227
252
  required: false,
228
- examples: ["MyApp", "Your Company"]
253
+ default: "http://localhost:3000/auth/error?error={error}",
254
+ examples: [
255
+ "https://app.example.com/auth/error?error={error}",
256
+ "http://localhost:3000/auth/error?error={error}"
257
+ ]
229
258
  })
230
259
  }
231
260
  });
package/dist/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/config/index.ts","../src/config/schema.ts"],"sourcesContent":["/**\n * Core Package Configuration\n *\n * @example\n * ```typescript\n * import { registry } from '@spfn/core/config';\n *\n * const env = registry.validate();\n * console.log(env.DB_POOL_MAX);\n * ```\n *\n * @module config\n */\n\nimport { createEnvRegistry } from '@spfn/core/env';\nimport { authEnvSchema } from './schema';\n\nexport { authEnvSchema as envSchema } from './schema';\n\n/**\n * Environment registry\n */\nconst registry = createEnvRegistry(authEnvSchema);\nexport const env = registry.validate();","/**\n * Auth Environment Variable Schema\n *\n * Centralized schema definition for all environment variables used in @spfn/auth.\n * This provides type safety, validation, and documentation for Auth configuration.\n *\n * @module config/schema\n */\n\nimport {\n defineEnvSchema,\n envString,\n envNumber,\n createSecureSecretParser,\n createPasswordParser,\n} from '@spfn/core/env';\n\n/**\n * Auth environment variable schema\n *\n * Defines all Auth environment variables with:\n * - Type information\n * - Default values\n * - Validation rules\n * - Documentation\n *\n * @example\n * ```typescript\n * import { authEnvSchema } from '@spfn/auth/config';\n *\n * // Access schema information\n * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);\n * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);\n * ```\n */\nexport const authEnvSchema = defineEnvSchema({\n // ============================================================================\n // Session Configuration\n // ============================================================================\n SPFN_AUTH_SESSION_SECRET: {\n ...envString({\n description: 'Session encryption secret (minimum 32 characters for AES-256)',\n required: true,\n fallbackKeys: ['SESSION_SECRET'],\n validator: createSecureSecretParser({\n minLength: 32,\n minUniqueChars: 16,\n minEntropy: 3.5,\n }),\n sensitive: true,\n examples: [\n 'my-super-secret-session-key-at-least-32-chars-long',\n 'use-a-cryptographically-secure-random-string-here',\n ],\n }),\n },\n\n SPFN_AUTH_SESSION_TTL: {\n ...envString({\n description: 'Session TTL (time to live) - supports duration strings like \\'7d\\', \\'12h\\', \\'45m\\'',\n default: '7d',\n required: false,\n examples: ['7d', '30d', '12h', '45m', '3600'],\n }),\n },\n\n // ============================================================================\n // JWT Configuration\n // ============================================================================\n SPFN_AUTH_JWT_SECRET: {\n ...envString({\n description: 'JWT signing secret for server-signed tokens (legacy mode)',\n default: 'dev-secret-key-change-in-production',\n required: false,\n examples: [\n 'your-jwt-secret-key-here',\n 'use-different-from-session-secret',\n ],\n }),\n },\n\n SPFN_AUTH_JWT_EXPIRES_IN: {\n ...envString({\n description: 'JWT token expiration time (e.g., \\'7d\\', \\'24h\\', \\'1h\\')',\n default: '7d',\n required: false,\n examples: ['7d', '24h', '1h', '30m'],\n }),\n },\n\n // ============================================================================\n // Security Configuration\n // ============================================================================\n SPFN_AUTH_BCRYPT_SALT_ROUNDS: {\n ...envNumber({\n description: 'Bcrypt salt rounds (cost factor, higher = more secure but slower)',\n default: 10,\n required: false,\n examples: [10, 12, 14],\n }),\n key: 'SPFN_AUTH_BCRYPT_SALT_ROUNDS',\n },\n\n SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {\n ...envString({\n description: 'Verification token secret for email verification, password reset, etc.',\n required: true,\n examples: [\n 'your-verification-token-secret',\n 'can-be-different-from-jwt-secret',\n ],\n }),\n },\n\n // ============================================================================\n // Admin Account Configuration\n // ============================================================================\n SPFN_AUTH_ADMIN_ACCOUNTS: {\n ...envString({\n description: 'JSON array of admin accounts (recommended for multiple admins)',\n required: false,\n examples: [\n '[{\"email\":\"admin@example.com\",\"password\":\"secure-pass\",\"role\":\"admin\"}]',\n '[{\"email\":\"super@example.com\",\"password\":\"pass1\",\"role\":\"superadmin\"},{\"email\":\"admin@example.com\",\"password\":\"pass2\",\"role\":\"admin\"}]',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAILS: {\n ...envString({\n description: 'Comma-separated list of admin emails (legacy CSV format)',\n required: false,\n examples: [\n 'admin@example.com,user@example.com',\n 'super@example.com,admin@example.com,user@example.com',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORDS: {\n ...envString({\n description: 'Comma-separated list of admin passwords (legacy CSV format)',\n required: false,\n examples: [\n 'admin-pass,user-pass',\n 'super-pass,admin-pass,user-pass',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_ROLES: {\n ...envString({\n description: 'Comma-separated list of admin roles (legacy CSV format)',\n required: false,\n examples: [\n 'admin,user',\n 'superadmin,admin,user',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAIL: {\n ...envString({\n description: 'Single admin email (simplest format)',\n required: false,\n examples: ['admin@example.com'],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORD: {\n ...envString({\n description: 'Single admin password (simplest format)',\n required: false,\n validator: createPasswordParser({\n minLength: 8,\n requireUppercase: true,\n requireLowercase: true,\n requireNumber: true,\n requireSpecial: true,\n }),\n sensitive: true,\n examples: ['SecureAdmin123!'],\n }),\n },\n\n // ============================================================================\n // API Configuration\n // ============================================================================\n SPFN_API_URL: {\n ...envString({\n description: 'Base API URL for invitation links and other external-facing URLs',\n default: 'http://localhost:8790',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n // ============================================================================\n // AWS SNS Configuration (SMS)\n // ============================================================================\n SPFN_AUTH_AWS_REGION: {\n ...envString({\n description: 'AWS region for SNS service',\n default: 'ap-northeast-2',\n required: false,\n examples: ['ap-northeast-2', 'us-east-1', 'eu-west-1'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SNS access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SNS secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SENDER_ID: {\n ...envString({\n description: 'SMS sender ID displayed to recipients (max 11 characters, alphanumeric)',\n required: false,\n examples: ['MyApp', 'YourBrand'],\n }),\n },\n\n // ============================================================================\n // AWS SES Configuration (Email)\n // ============================================================================\n SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SES access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SES secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_EMAIL: {\n ...envString({\n description: 'Sender email address (must be verified in AWS SES)',\n required: false,\n examples: ['noreply@example.com', 'auth@yourdomain.com'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_NAME: {\n ...envString({\n description: 'Sender display name',\n required: false,\n examples: ['MyApp', 'Your Company'],\n }),\n },\n});"],"mappings":";AAcA,SAAS,yBAAyB;;;ACLlC;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAoBA,IAAM,gBAAgB,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIzC,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,cAAc,CAAC,gBAAgB;AAAA,MAC/B,WAAW,yBAAyB;AAAA,QAChC,WAAW;AAAA,QACX,gBAAgB;AAAA,QAChB,YAAY;AAAA,MAChB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,OAAO,OAAO,MAAM;AAAA,IAChD,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,MAAM,KAAK;AAAA,IACvC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,IAAI,IAAI,EAAE;AAAA,IACzB,CAAC;AAAA,IACD,KAAK;AAAA,EACT;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,wBAAwB;AAAA,IACpB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,mBAAmB;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW,qBAAqB;AAAA,QAC5B,WAAW;AAAA,QACX,kBAAkB;AAAA,QAClB,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU,CAAC,iBAAiB;AAAA,IAChC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,kBAAkB,aAAa,WAAW;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,WAAW;AAAA,IACnC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,uBAAuB,qBAAqB;AAAA,IAC3D,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,cAAc;AAAA,IACtC,CAAC;AAAA,EACL;AACJ,CAAC;;;AD5PD,IAAM,WAAW,kBAAkB,aAAa;AACzC,IAAM,MAAM,SAAS,SAAS;","names":[]}
1
+ {"version":3,"sources":["../src/config/index.ts","../src/config/schema.ts"],"sourcesContent":["/**\n * Core Package Configuration\n *\n * @example\n * ```typescript\n * import { registry } from '@spfn/core/config';\n *\n * const env = registry.validate();\n * console.log(env.DB_POOL_MAX);\n * ```\n *\n * @module config\n */\n\nimport { createEnvRegistry } from '@spfn/core/env';\nimport { authEnvSchema } from './schema';\n\nexport { authEnvSchema as envSchema } from './schema';\n\n/**\n * Environment registry\n */\nconst registry = createEnvRegistry(authEnvSchema);\nexport const env = registry.validate();","/**\n * Auth Environment Variable Schema\n *\n * Centralized schema definition for all environment variables used in @spfn/auth.\n * This provides type safety, validation, and documentation for Auth configuration.\n *\n * @module config/schema\n */\n\nimport {\n defineEnvSchema,\n envString,\n envNumber,\n createSecureSecretParser,\n createPasswordParser,\n} from '@spfn/core/env';\n\n/**\n * Auth environment variable schema\n *\n * Defines all Auth environment variables with:\n * - Type information\n * - Default values\n * - Validation rules\n * - Documentation\n *\n * @example\n * ```typescript\n * import { authEnvSchema } from '@spfn/auth/config';\n *\n * // Access schema information\n * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);\n * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);\n * ```\n */\nexport const authEnvSchema = defineEnvSchema({\n // ============================================================================\n // Session Configuration\n // ============================================================================\n SPFN_AUTH_SESSION_SECRET: {\n ...envString({\n description: 'Session encryption secret (minimum 32 characters for AES-256)',\n required: true,\n fallbackKeys: ['SESSION_SECRET'],\n validator: createSecureSecretParser({\n minLength: 32,\n minUniqueChars: 16,\n minEntropy: 3.5,\n }),\n sensitive: true,\n nextjs: true, // Required for Next.js RSC session validation\n examples: [\n 'my-super-secret-session-key-at-least-32-chars-long',\n 'use-a-cryptographically-secure-random-string-here',\n ],\n }),\n },\n\n SPFN_AUTH_SESSION_TTL: {\n ...envString({\n description: 'Session TTL (time to live) - supports duration strings like \\'7d\\', \\'12h\\', \\'45m\\'',\n default: '7d',\n required: false,\n nextjs: true, // May be needed for session validation in Next.js RSC\n examples: ['7d', '30d', '12h', '45m', '3600'],\n }),\n },\n\n // ============================================================================\n // JWT Configuration\n // ============================================================================\n SPFN_AUTH_JWT_SECRET: {\n ...envString({\n description: 'JWT signing secret for server-signed tokens (legacy mode)',\n default: 'dev-secret-key-change-in-production',\n required: false,\n examples: [\n 'your-jwt-secret-key-here',\n 'use-different-from-session-secret',\n ],\n }),\n },\n\n SPFN_AUTH_JWT_EXPIRES_IN: {\n ...envString({\n description: 'JWT token expiration time (e.g., \\'7d\\', \\'24h\\', \\'1h\\')',\n default: '7d',\n required: false,\n examples: ['7d', '24h', '1h', '30m'],\n }),\n },\n\n // ============================================================================\n // Security Configuration\n // ============================================================================\n SPFN_AUTH_BCRYPT_SALT_ROUNDS: {\n ...envNumber({\n description: 'Bcrypt salt rounds (cost factor, higher = more secure but slower)',\n default: 10,\n required: false,\n examples: [10, 12, 14],\n }),\n key: 'SPFN_AUTH_BCRYPT_SALT_ROUNDS',\n },\n\n SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {\n ...envString({\n description: 'Verification token secret for email verification, password reset, etc.',\n required: true,\n examples: [\n 'your-verification-token-secret',\n 'can-be-different-from-jwt-secret',\n ],\n }),\n },\n\n // ============================================================================\n // Admin Account Configuration\n // ============================================================================\n SPFN_AUTH_ADMIN_ACCOUNTS: {\n ...envString({\n description: 'JSON array of admin accounts (recommended for multiple admins)',\n required: false,\n examples: [\n '[{\"email\":\"admin@example.com\",\"password\":\"secure-pass\",\"role\":\"admin\"}]',\n '[{\"email\":\"super@example.com\",\"password\":\"pass1\",\"role\":\"superadmin\"},{\"email\":\"admin@example.com\",\"password\":\"pass2\",\"role\":\"admin\"}]',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAILS: {\n ...envString({\n description: 'Comma-separated list of admin emails (legacy CSV format)',\n required: false,\n examples: [\n 'admin@example.com,user@example.com',\n 'super@example.com,admin@example.com,user@example.com',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORDS: {\n ...envString({\n description: 'Comma-separated list of admin passwords (legacy CSV format)',\n required: false,\n examples: [\n 'admin-pass,user-pass',\n 'super-pass,admin-pass,user-pass',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_ROLES: {\n ...envString({\n description: 'Comma-separated list of admin roles (legacy CSV format)',\n required: false,\n examples: [\n 'admin,user',\n 'superadmin,admin,user',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAIL: {\n ...envString({\n description: 'Single admin email (simplest format)',\n required: false,\n examples: ['admin@example.com'],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORD: {\n ...envString({\n description: 'Single admin password (simplest format)',\n required: false,\n validator: createPasswordParser({\n minLength: 8,\n requireUppercase: true,\n requireLowercase: true,\n requireNumber: true,\n requireSpecial: true,\n }),\n sensitive: true,\n examples: ['SecureAdmin123!'],\n }),\n },\n\n // ============================================================================\n // API Configuration\n // ============================================================================\n SPFN_API_URL: {\n ...envString({\n description: 'Internal API URL for server-to-server communication',\n default: 'http://localhost:8790',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_API_URL: {\n ...envString({\n description: 'Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n SPFN_APP_URL: {\n ...envString({\n description: 'Next.js application URL (internal). Used for server-to-server communication.',\n default: 'http://localhost:3000',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_APP_URL: {\n ...envString({\n description: 'Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n // ============================================================================\n // OAuth Configuration - Google\n // ============================================================================\n SPFN_AUTH_GOOGLE_CLIENT_ID: {\n ...envString({\n description: 'Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.',\n required: false,\n examples: ['123456789-abc123.apps.googleusercontent.com'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_CLIENT_SECRET: {\n ...envString({\n description: 'Google OAuth 2.0 Client Secret',\n required: false,\n sensitive: true,\n examples: ['GOCSPX-abcdefghijklmnop'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_SCOPES: {\n ...envString({\n description: 'Comma-separated Google OAuth scopes. Defaults to \"email,profile\" if not set.',\n required: false,\n examples: [\n 'email,profile',\n 'email,profile,https://www.googleapis.com/auth/gmail.readonly',\n 'email,profile,https://www.googleapis.com/auth/calendar.readonly',\n ],\n }),\n },\n\n SPFN_AUTH_GOOGLE_REDIRECT_URI: {\n ...envString({\n description: 'Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback',\n required: false,\n examples: [\n 'https://api.example.com/_auth/oauth/google/callback',\n 'http://localhost:8790/_auth/oauth/google/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_SUCCESS_URL: {\n ...envString({\n description: 'OAuth callback page URL. This page should use OAuthCallback component to finalize session.',\n required: false,\n default: '/auth/callback',\n examples: [\n '/auth/callback',\n 'https://app.example.com/auth/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_ERROR_URL: {\n ...envString({\n description: 'URL to redirect after OAuth error. Use {error} placeholder for error message.',\n required: false,\n default: 'http://localhost:3000/auth/error?error={error}',\n examples: [\n 'https://app.example.com/auth/error?error={error}',\n 'http://localhost:3000/auth/error?error={error}',\n ],\n }),\n },\n});"],"mappings":";AAcA,SAAS,yBAAyB;;;ACLlC;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAoBA,IAAM,gBAAgB,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIzC,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,cAAc,CAAC,gBAAgB;AAAA,MAC/B,WAAW,yBAAyB;AAAA,QAChC,WAAW;AAAA,QACX,gBAAgB;AAAA,QAChB,YAAY;AAAA,MAChB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,QAAQ;AAAA;AAAA,MACR,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,QAAQ;AAAA;AAAA,MACR,UAAU,CAAC,MAAM,OAAO,OAAO,OAAO,MAAM;AAAA,IAChD,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,MAAM,KAAK;AAAA,IACvC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,IAAI,IAAI,EAAE;AAAA,IACzB,CAAC;AAAA,IACD,KAAK;AAAA,EACT;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,wBAAwB;AAAA,IACpB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,mBAAmB;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW,qBAAqB;AAAA,QAC5B,WAAW;AAAA,QACX,kBAAkB;AAAA,QAClB,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU,CAAC,iBAAiB;AAAA,IAChC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,4BAA4B;AAAA,IACxB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,6CAA6C;AAAA,IAC5D,CAAC;AAAA,EACL;AAAA,EAEA,gCAAgC;AAAA,IAC5B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,yBAAyB;AAAA,IACxC,CAAC;AAAA,EACL;AAAA,EAEA,yBAAyB;AAAA,IACrB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,+BAA+B;AAAA,IAC3B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AACJ,CAAC;;;ADxRD,IAAM,WAAW,kBAAkB,aAAa;AACzC,IAAM,MAAM,SAAS,SAAS;","names":[]}