@spfn/auth 0.2.0-beta.4 → 0.2.0-beta.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/README.md +713 -180
  2. package/dist/{dto-Bb2qFUO6.d.ts → authenticate-2953PCm8.d.ts} +420 -161
  3. package/dist/config.d.ts +156 -44
  4. package/dist/config.js +90 -35
  5. package/dist/config.js.map +1 -1
  6. package/dist/errors.d.ts +30 -2
  7. package/dist/errors.js +24 -0
  8. package/dist/errors.js.map +1 -1
  9. package/dist/index.d.ts +283 -113
  10. package/dist/index.js +58 -1
  11. package/dist/index.js.map +1 -1
  12. package/dist/nextjs/api.js +202 -1
  13. package/dist/nextjs/api.js.map +1 -1
  14. package/dist/nextjs/client.d.ts +28 -0
  15. package/dist/nextjs/client.js +80 -0
  16. package/dist/nextjs/client.js.map +1 -0
  17. package/dist/nextjs/server.d.ts +89 -2
  18. package/dist/nextjs/server.js +146 -21
  19. package/dist/nextjs/server.js.map +1 -1
  20. package/dist/server.d.ts +564 -443
  21. package/dist/server.js +1030 -492
  22. package/dist/server.js.map +1 -1
  23. package/migrations/0001_smooth_the_fury.sql +3 -0
  24. package/migrations/meta/0001_snapshot.json +1660 -0
  25. package/migrations/meta/_journal.json +7 -0
  26. package/package.json +13 -9
package/dist/config.d.ts CHANGED
@@ -31,7 +31,7 @@ declare const authEnvSchema: {
31
31
  description: string;
32
32
  required: boolean;
33
33
  fallbackKeys: string[];
34
- validator: _spfn_core_env.Parser<string>;
34
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
35
35
  sensitive: boolean;
36
36
  nextjs: boolean;
37
37
  examples: string[];
@@ -46,6 +46,7 @@ declare const authEnvSchema: {
46
46
  nextjs: boolean;
47
47
  examples: string[];
48
48
  type: "string";
49
+ validator: (value: string) => string;
49
50
  } & {
50
51
  key: "SPFN_AUTH_SESSION_TTL";
51
52
  };
@@ -55,6 +56,7 @@ declare const authEnvSchema: {
55
56
  required: boolean;
56
57
  examples: string[];
57
58
  type: "string";
59
+ validator: (value: string) => string;
58
60
  } & {
59
61
  key: "SPFN_AUTH_JWT_SECRET";
60
62
  };
@@ -64,6 +66,7 @@ declare const authEnvSchema: {
64
66
  required: boolean;
65
67
  examples: string[];
66
68
  type: "string";
69
+ validator: (value: string) => string;
67
70
  } & {
68
71
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
69
72
  };
@@ -83,6 +86,7 @@ declare const authEnvSchema: {
83
86
  required: boolean;
84
87
  examples: string[];
85
88
  type: "string";
89
+ validator: (value: string) => string;
86
90
  } & {
87
91
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
88
92
  };
@@ -91,6 +95,7 @@ declare const authEnvSchema: {
91
95
  required: boolean;
92
96
  examples: string[];
93
97
  type: "string";
98
+ validator: (value: string) => string;
94
99
  } & {
95
100
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
96
101
  };
@@ -99,6 +104,7 @@ declare const authEnvSchema: {
99
104
  required: boolean;
100
105
  examples: string[];
101
106
  type: "string";
107
+ validator: (value: string) => string;
102
108
  } & {
103
109
  key: "SPFN_AUTH_ADMIN_EMAILS";
104
110
  };
@@ -107,6 +113,7 @@ declare const authEnvSchema: {
107
113
  required: boolean;
108
114
  examples: string[];
109
115
  type: "string";
116
+ validator: (value: string) => string;
110
117
  } & {
111
118
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
112
119
  };
@@ -115,6 +122,7 @@ declare const authEnvSchema: {
115
122
  required: boolean;
116
123
  examples: string[];
117
124
  type: "string";
125
+ validator: (value: string) => string;
118
126
  } & {
119
127
  key: "SPFN_AUTH_ADMIN_ROLES";
120
128
  };
@@ -123,96 +131,144 @@ declare const authEnvSchema: {
123
131
  required: boolean;
124
132
  examples: string[];
125
133
  type: "string";
134
+ validator: (value: string) => string;
126
135
  } & {
127
136
  key: "SPFN_AUTH_ADMIN_EMAIL";
128
137
  };
129
138
  SPFN_AUTH_ADMIN_PASSWORD: {
130
139
  description: string;
131
140
  required: boolean;
132
- validator: _spfn_core_env.Parser<string>;
141
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
133
142
  sensitive: boolean;
134
143
  examples: string[];
135
144
  type: "string";
136
145
  } & {
137
146
  key: "SPFN_AUTH_ADMIN_PASSWORD";
138
147
  };
148
+ SPFN_AUTH_RESERVED_USERNAMES: {
149
+ description: string;
150
+ required: boolean;
151
+ default: string;
152
+ examples: string[];
153
+ type: "string";
154
+ validator: (value: string) => string;
155
+ } & {
156
+ key: "SPFN_AUTH_RESERVED_USERNAMES";
157
+ };
158
+ SPFN_AUTH_USERNAME_MIN_LENGTH: {
159
+ description: string;
160
+ default: number;
161
+ required: boolean;
162
+ examples: number[];
163
+ type: "number";
164
+ validator: (value: string) => number;
165
+ } & {
166
+ key: "SPFN_AUTH_USERNAME_MIN_LENGTH";
167
+ };
168
+ SPFN_AUTH_USERNAME_MAX_LENGTH: {
169
+ description: string;
170
+ default: number;
171
+ required: boolean;
172
+ examples: number[];
173
+ type: "number";
174
+ validator: (value: string) => number;
175
+ } & {
176
+ key: "SPFN_AUTH_USERNAME_MAX_LENGTH";
177
+ };
139
178
  SPFN_API_URL: {
140
179
  description: string;
141
180
  default: string;
142
181
  required: boolean;
143
182
  examples: string[];
144
183
  type: "string";
184
+ validator: (value: string) => string;
145
185
  } & {
146
186
  key: "SPFN_API_URL";
147
187
  };
148
- SPFN_AUTH_AWS_REGION: {
188
+ NEXT_PUBLIC_SPFN_API_URL: {
149
189
  description: string;
150
- default: string;
151
190
  required: boolean;
152
191
  examples: string[];
153
192
  type: "string";
193
+ validator: (value: string) => string;
154
194
  } & {
155
- key: "SPFN_AUTH_AWS_REGION";
195
+ key: "NEXT_PUBLIC_SPFN_API_URL";
156
196
  };
157
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
197
+ SPFN_APP_URL: {
158
198
  description: string;
199
+ default: string;
159
200
  required: boolean;
160
- sensitive: boolean;
161
201
  examples: string[];
162
202
  type: "string";
203
+ validator: (value: string) => string;
163
204
  } & {
164
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
205
+ key: "SPFN_APP_URL";
165
206
  };
166
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
207
+ NEXT_PUBLIC_SPFN_APP_URL: {
167
208
  description: string;
168
209
  required: boolean;
169
- sensitive: boolean;
170
210
  examples: string[];
171
211
  type: "string";
212
+ validator: (value: string) => string;
172
213
  } & {
173
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
214
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
174
215
  };
175
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
216
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
176
217
  description: string;
177
218
  required: boolean;
178
219
  examples: string[];
179
220
  type: "string";
221
+ validator: (value: string) => string;
180
222
  } & {
181
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
223
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
182
224
  };
183
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
225
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
184
226
  description: string;
185
227
  required: boolean;
186
228
  sensitive: boolean;
187
229
  examples: string[];
188
230
  type: "string";
231
+ validator: (value: string) => string;
189
232
  } & {
190
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
233
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
191
234
  };
192
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
235
+ SPFN_AUTH_GOOGLE_SCOPES: {
193
236
  description: string;
194
237
  required: boolean;
195
- sensitive: boolean;
196
238
  examples: string[];
197
239
  type: "string";
240
+ validator: (value: string) => string;
198
241
  } & {
199
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
242
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
200
243
  };
201
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
244
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
202
245
  description: string;
203
246
  required: boolean;
204
247
  examples: string[];
205
248
  type: "string";
249
+ validator: (value: string) => string;
206
250
  } & {
207
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
251
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
208
252
  };
209
- SPFN_AUTH_AWS_SES_FROM_NAME: {
253
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
210
254
  description: string;
211
255
  required: boolean;
256
+ default: string;
257
+ examples: string[];
258
+ type: "string";
259
+ validator: (value: string) => string;
260
+ } & {
261
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
262
+ };
263
+ SPFN_AUTH_OAUTH_ERROR_URL: {
264
+ description: string;
265
+ required: boolean;
266
+ default: string;
212
267
  examples: string[];
213
268
  type: "string";
269
+ validator: (value: string) => string;
214
270
  } & {
215
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
271
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
216
272
  };
217
273
  };
218
274
 
@@ -221,7 +277,7 @@ declare const env: _spfn_core_env.InferEnvType<{
221
277
  description: string;
222
278
  required: boolean;
223
279
  fallbackKeys: string[];
224
- validator: _spfn_core_env.Parser<string>;
280
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
225
281
  sensitive: boolean;
226
282
  nextjs: boolean;
227
283
  examples: string[];
@@ -236,6 +292,7 @@ declare const env: _spfn_core_env.InferEnvType<{
236
292
  nextjs: boolean;
237
293
  examples: string[];
238
294
  type: "string";
295
+ validator: (value: string) => string;
239
296
  } & {
240
297
  key: "SPFN_AUTH_SESSION_TTL";
241
298
  };
@@ -245,6 +302,7 @@ declare const env: _spfn_core_env.InferEnvType<{
245
302
  required: boolean;
246
303
  examples: string[];
247
304
  type: "string";
305
+ validator: (value: string) => string;
248
306
  } & {
249
307
  key: "SPFN_AUTH_JWT_SECRET";
250
308
  };
@@ -254,6 +312,7 @@ declare const env: _spfn_core_env.InferEnvType<{
254
312
  required: boolean;
255
313
  examples: string[];
256
314
  type: "string";
315
+ validator: (value: string) => string;
257
316
  } & {
258
317
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
259
318
  };
@@ -273,6 +332,7 @@ declare const env: _spfn_core_env.InferEnvType<{
273
332
  required: boolean;
274
333
  examples: string[];
275
334
  type: "string";
335
+ validator: (value: string) => string;
276
336
  } & {
277
337
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
278
338
  };
@@ -281,6 +341,7 @@ declare const env: _spfn_core_env.InferEnvType<{
281
341
  required: boolean;
282
342
  examples: string[];
283
343
  type: "string";
344
+ validator: (value: string) => string;
284
345
  } & {
285
346
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
286
347
  };
@@ -289,6 +350,7 @@ declare const env: _spfn_core_env.InferEnvType<{
289
350
  required: boolean;
290
351
  examples: string[];
291
352
  type: "string";
353
+ validator: (value: string) => string;
292
354
  } & {
293
355
  key: "SPFN_AUTH_ADMIN_EMAILS";
294
356
  };
@@ -297,6 +359,7 @@ declare const env: _spfn_core_env.InferEnvType<{
297
359
  required: boolean;
298
360
  examples: string[];
299
361
  type: "string";
362
+ validator: (value: string) => string;
300
363
  } & {
301
364
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
302
365
  };
@@ -305,6 +368,7 @@ declare const env: _spfn_core_env.InferEnvType<{
305
368
  required: boolean;
306
369
  examples: string[];
307
370
  type: "string";
371
+ validator: (value: string) => string;
308
372
  } & {
309
373
  key: "SPFN_AUTH_ADMIN_ROLES";
310
374
  };
@@ -313,96 +377,144 @@ declare const env: _spfn_core_env.InferEnvType<{
313
377
  required: boolean;
314
378
  examples: string[];
315
379
  type: "string";
380
+ validator: (value: string) => string;
316
381
  } & {
317
382
  key: "SPFN_AUTH_ADMIN_EMAIL";
318
383
  };
319
384
  SPFN_AUTH_ADMIN_PASSWORD: {
320
385
  description: string;
321
386
  required: boolean;
322
- validator: _spfn_core_env.Parser<string>;
387
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
323
388
  sensitive: boolean;
324
389
  examples: string[];
325
390
  type: "string";
326
391
  } & {
327
392
  key: "SPFN_AUTH_ADMIN_PASSWORD";
328
393
  };
394
+ SPFN_AUTH_RESERVED_USERNAMES: {
395
+ description: string;
396
+ required: boolean;
397
+ default: string;
398
+ examples: string[];
399
+ type: "string";
400
+ validator: (value: string) => string;
401
+ } & {
402
+ key: "SPFN_AUTH_RESERVED_USERNAMES";
403
+ };
404
+ SPFN_AUTH_USERNAME_MIN_LENGTH: {
405
+ description: string;
406
+ default: number;
407
+ required: boolean;
408
+ examples: number[];
409
+ type: "number";
410
+ validator: (value: string) => number;
411
+ } & {
412
+ key: "SPFN_AUTH_USERNAME_MIN_LENGTH";
413
+ };
414
+ SPFN_AUTH_USERNAME_MAX_LENGTH: {
415
+ description: string;
416
+ default: number;
417
+ required: boolean;
418
+ examples: number[];
419
+ type: "number";
420
+ validator: (value: string) => number;
421
+ } & {
422
+ key: "SPFN_AUTH_USERNAME_MAX_LENGTH";
423
+ };
329
424
  SPFN_API_URL: {
330
425
  description: string;
331
426
  default: string;
332
427
  required: boolean;
333
428
  examples: string[];
334
429
  type: "string";
430
+ validator: (value: string) => string;
335
431
  } & {
336
432
  key: "SPFN_API_URL";
337
433
  };
338
- SPFN_AUTH_AWS_REGION: {
434
+ NEXT_PUBLIC_SPFN_API_URL: {
339
435
  description: string;
340
- default: string;
341
436
  required: boolean;
342
437
  examples: string[];
343
438
  type: "string";
439
+ validator: (value: string) => string;
344
440
  } & {
345
- key: "SPFN_AUTH_AWS_REGION";
441
+ key: "NEXT_PUBLIC_SPFN_API_URL";
346
442
  };
347
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
443
+ SPFN_APP_URL: {
348
444
  description: string;
445
+ default: string;
349
446
  required: boolean;
350
- sensitive: boolean;
351
447
  examples: string[];
352
448
  type: "string";
449
+ validator: (value: string) => string;
353
450
  } & {
354
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
451
+ key: "SPFN_APP_URL";
355
452
  };
356
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
453
+ NEXT_PUBLIC_SPFN_APP_URL: {
357
454
  description: string;
358
455
  required: boolean;
359
- sensitive: boolean;
360
456
  examples: string[];
361
457
  type: "string";
458
+ validator: (value: string) => string;
362
459
  } & {
363
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
460
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
364
461
  };
365
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
462
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
366
463
  description: string;
367
464
  required: boolean;
368
465
  examples: string[];
369
466
  type: "string";
467
+ validator: (value: string) => string;
370
468
  } & {
371
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
469
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
372
470
  };
373
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
471
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
374
472
  description: string;
375
473
  required: boolean;
376
474
  sensitive: boolean;
377
475
  examples: string[];
378
476
  type: "string";
477
+ validator: (value: string) => string;
379
478
  } & {
380
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
479
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
381
480
  };
382
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
481
+ SPFN_AUTH_GOOGLE_SCOPES: {
383
482
  description: string;
384
483
  required: boolean;
385
- sensitive: boolean;
386
484
  examples: string[];
387
485
  type: "string";
486
+ validator: (value: string) => string;
388
487
  } & {
389
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
488
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
390
489
  };
391
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
490
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
392
491
  description: string;
393
492
  required: boolean;
394
493
  examples: string[];
395
494
  type: "string";
495
+ validator: (value: string) => string;
396
496
  } & {
397
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
497
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
398
498
  };
399
- SPFN_AUTH_AWS_SES_FROM_NAME: {
499
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
400
500
  description: string;
401
501
  required: boolean;
502
+ default: string;
503
+ examples: string[];
504
+ type: "string";
505
+ validator: (value: string) => string;
506
+ } & {
507
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
508
+ };
509
+ SPFN_AUTH_OAUTH_ERROR_URL: {
510
+ description: string;
511
+ required: boolean;
512
+ default: string;
402
513
  examples: string[];
403
514
  type: "string";
515
+ validator: (value: string) => string;
404
516
  } & {
405
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
517
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
406
518
  };
407
519
  }>;
408
520
 
package/dist/config.js CHANGED
@@ -152,11 +152,41 @@ var authEnvSchema = defineEnvSchema({
152
152
  })
153
153
  },
154
154
  // ============================================================================
155
+ // Username Configuration
156
+ // ============================================================================
157
+ SPFN_AUTH_RESERVED_USERNAMES: {
158
+ ...envString({
159
+ description: "Comma-separated list of reserved usernames that cannot be registered",
160
+ required: false,
161
+ default: "admin,root,system,support,help,moderator,superadmin",
162
+ examples: [
163
+ "admin,root,system,support,help",
164
+ "admin,root,system,support,help,moderator,superadmin,operator"
165
+ ]
166
+ })
167
+ },
168
+ SPFN_AUTH_USERNAME_MIN_LENGTH: {
169
+ ...envNumber({
170
+ description: "Minimum username length",
171
+ default: 3,
172
+ required: false,
173
+ examples: [2, 3, 4]
174
+ })
175
+ },
176
+ SPFN_AUTH_USERNAME_MAX_LENGTH: {
177
+ ...envNumber({
178
+ description: "Maximum username length",
179
+ default: 30,
180
+ required: false,
181
+ examples: [20, 30, 50]
182
+ })
183
+ },
184
+ // ============================================================================
155
185
  // API Configuration
156
186
  // ============================================================================
157
187
  SPFN_API_URL: {
158
188
  ...envString({
159
- description: "Base API URL for invitation links and other external-facing URLs",
189
+ description: "Internal API URL for server-to-server communication",
160
190
  default: "http://localhost:8790",
161
191
  required: false,
162
192
  examples: [
@@ -165,71 +195,96 @@ var authEnvSchema = defineEnvSchema({
165
195
  ]
166
196
  })
167
197
  },
168
- // ============================================================================
169
- // AWS SNS Configuration (SMS)
170
- // ============================================================================
171
- SPFN_AUTH_AWS_REGION: {
198
+ NEXT_PUBLIC_SPFN_API_URL: {
172
199
  ...envString({
173
- description: "AWS region for SNS service",
174
- default: "ap-northeast-2",
200
+ description: "Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.",
175
201
  required: false,
176
- examples: ["ap-northeast-2", "us-east-1", "eu-west-1"]
202
+ examples: [
203
+ "https://api.example.com",
204
+ "http://localhost:8790"
205
+ ]
177
206
  })
178
207
  },
179
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
208
+ SPFN_APP_URL: {
180
209
  ...envString({
181
- description: "AWS SNS access key ID (optional, uses default credentials chain if not provided)",
210
+ description: "Next.js application URL (internal). Used for server-to-server communication.",
211
+ default: "http://localhost:3000",
182
212
  required: false,
183
- sensitive: true,
184
- examples: ["AKIAIOSFODNN7EXAMPLE"]
213
+ examples: [
214
+ "https://app.example.com",
215
+ "http://localhost:3000"
216
+ ]
185
217
  })
186
218
  },
187
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
219
+ NEXT_PUBLIC_SPFN_APP_URL: {
188
220
  ...envString({
189
- description: "AWS SNS secret access key (optional, uses default credentials chain if not provided)",
221
+ description: "Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.",
190
222
  required: false,
191
- sensitive: true,
192
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
223
+ examples: [
224
+ "https://app.example.com",
225
+ "http://localhost:3000"
226
+ ]
193
227
  })
194
228
  },
195
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
229
+ // ============================================================================
230
+ // OAuth Configuration - Google
231
+ // ============================================================================
232
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
196
233
  ...envString({
197
- description: "SMS sender ID displayed to recipients (max 11 characters, alphanumeric)",
234
+ description: "Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.",
198
235
  required: false,
199
- examples: ["MyApp", "YourBrand"]
236
+ examples: ["123456789-abc123.apps.googleusercontent.com"]
200
237
  })
201
238
  },
202
- // ============================================================================
203
- // AWS SES Configuration (Email)
204
- // ============================================================================
205
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
239
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
206
240
  ...envString({
207
- description: "AWS SES access key ID (optional, uses default credentials chain if not provided)",
241
+ description: "Google OAuth 2.0 Client Secret",
208
242
  required: false,
209
243
  sensitive: true,
210
- examples: ["AKIAIOSFODNN7EXAMPLE"]
244
+ examples: ["GOCSPX-abcdefghijklmnop"]
211
245
  })
212
246
  },
213
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
247
+ SPFN_AUTH_GOOGLE_SCOPES: {
214
248
  ...envString({
215
- description: "AWS SES secret access key (optional, uses default credentials chain if not provided)",
249
+ description: 'Comma-separated Google OAuth scopes. Defaults to "email,profile" if not set.',
216
250
  required: false,
217
- sensitive: true,
218
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
251
+ examples: [
252
+ "email,profile",
253
+ "email,profile,https://www.googleapis.com/auth/gmail.readonly",
254
+ "email,profile,https://www.googleapis.com/auth/calendar.readonly"
255
+ ]
219
256
  })
220
257
  },
221
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
258
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
222
259
  ...envString({
223
- description: "Sender email address (must be verified in AWS SES)",
260
+ description: "Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback",
224
261
  required: false,
225
- examples: ["noreply@example.com", "auth@yourdomain.com"]
262
+ examples: [
263
+ "https://api.example.com/_auth/oauth/google/callback",
264
+ "http://localhost:8790/_auth/oauth/google/callback"
265
+ ]
226
266
  })
227
267
  },
228
- SPFN_AUTH_AWS_SES_FROM_NAME: {
268
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
229
269
  ...envString({
230
- description: "Sender display name",
270
+ description: "OAuth callback page URL. This page should use OAuthCallback component to finalize session.",
231
271
  required: false,
232
- examples: ["MyApp", "Your Company"]
272
+ default: "/auth/callback",
273
+ examples: [
274
+ "/auth/callback",
275
+ "https://app.example.com/auth/callback"
276
+ ]
277
+ })
278
+ },
279
+ SPFN_AUTH_OAUTH_ERROR_URL: {
280
+ ...envString({
281
+ description: "URL to redirect after OAuth error. Use {error} placeholder for error message.",
282
+ required: false,
283
+ default: "http://localhost:3000/auth/error?error={error}",
284
+ examples: [
285
+ "https://app.example.com/auth/error?error={error}",
286
+ "http://localhost:3000/auth/error?error={error}"
287
+ ]
233
288
  })
234
289
  }
235
290
  });