@spfn/auth 0.2.0-beta.5 → 0.2.0-beta.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/README.md +831 -198
  2. package/dist/{dto-Bb2qFUO6.d.ts → authenticate-eucncHxN.d.ts} +452 -161
  3. package/dist/config.d.ts +176 -44
  4. package/dist/config.js +99 -35
  5. package/dist/config.js.map +1 -1
  6. package/dist/errors.d.ts +30 -2
  7. package/dist/errors.js +24 -0
  8. package/dist/errors.js.map +1 -1
  9. package/dist/index.d.ts +287 -113
  10. package/dist/index.js +59 -1
  11. package/dist/index.js.map +1 -1
  12. package/dist/nextjs/api.js +235 -13
  13. package/dist/nextjs/api.js.map +1 -1
  14. package/dist/nextjs/client.d.ts +28 -0
  15. package/dist/nextjs/client.js +80 -0
  16. package/dist/nextjs/client.js.map +1 -0
  17. package/dist/nextjs/server.d.ts +90 -2
  18. package/dist/nextjs/server.js +146 -21
  19. package/dist/nextjs/server.js.map +1 -1
  20. package/dist/server.d.ts +833 -418
  21. package/dist/server.js +1420 -597
  22. package/dist/server.js.map +1 -1
  23. package/migrations/0001_smooth_the_fury.sql +3 -0
  24. package/migrations/0002_deep_iceman.sql +11 -0
  25. package/migrations/0003_perfect_deathbird.sql +3 -0
  26. package/migrations/0004_concerned_rawhide_kid.sql +5 -0
  27. package/migrations/meta/0001_snapshot.json +1660 -0
  28. package/migrations/meta/0002_snapshot.json +1660 -0
  29. package/migrations/meta/0003_snapshot.json +1689 -0
  30. package/migrations/meta/0004_snapshot.json +1721 -0
  31. package/migrations/meta/_journal.json +28 -0
  32. package/package.json +13 -9
package/dist/config.d.ts CHANGED
@@ -31,7 +31,7 @@ declare const authEnvSchema: {
31
31
  description: string;
32
32
  required: boolean;
33
33
  fallbackKeys: string[];
34
- validator: _spfn_core_env.Parser<string>;
34
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
35
35
  sensitive: boolean;
36
36
  nextjs: boolean;
37
37
  examples: string[];
@@ -46,6 +46,7 @@ declare const authEnvSchema: {
46
46
  nextjs: boolean;
47
47
  examples: string[];
48
48
  type: "string";
49
+ validator: (value: string) => string;
49
50
  } & {
50
51
  key: "SPFN_AUTH_SESSION_TTL";
51
52
  };
@@ -55,6 +56,7 @@ declare const authEnvSchema: {
55
56
  required: boolean;
56
57
  examples: string[];
57
58
  type: "string";
59
+ validator: (value: string) => string;
58
60
  } & {
59
61
  key: "SPFN_AUTH_JWT_SECRET";
60
62
  };
@@ -64,9 +66,20 @@ declare const authEnvSchema: {
64
66
  required: boolean;
65
67
  examples: string[];
66
68
  type: "string";
69
+ validator: (value: string) => string;
67
70
  } & {
68
71
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
69
72
  };
73
+ SPFN_AUTH_COOKIE_SECURE: {
74
+ description: string;
75
+ required: boolean;
76
+ nextjs: boolean;
77
+ examples: boolean[];
78
+ type: "boolean";
79
+ validator: (value: string) => boolean;
80
+ } & {
81
+ key: "SPFN_AUTH_COOKIE_SECURE";
82
+ };
70
83
  SPFN_AUTH_BCRYPT_SALT_ROUNDS: {
71
84
  key: string;
72
85
  description: string;
@@ -83,6 +96,7 @@ declare const authEnvSchema: {
83
96
  required: boolean;
84
97
  examples: string[];
85
98
  type: "string";
99
+ validator: (value: string) => string;
86
100
  } & {
87
101
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
88
102
  };
@@ -91,6 +105,7 @@ declare const authEnvSchema: {
91
105
  required: boolean;
92
106
  examples: string[];
93
107
  type: "string";
108
+ validator: (value: string) => string;
94
109
  } & {
95
110
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
96
111
  };
@@ -99,6 +114,7 @@ declare const authEnvSchema: {
99
114
  required: boolean;
100
115
  examples: string[];
101
116
  type: "string";
117
+ validator: (value: string) => string;
102
118
  } & {
103
119
  key: "SPFN_AUTH_ADMIN_EMAILS";
104
120
  };
@@ -107,6 +123,7 @@ declare const authEnvSchema: {
107
123
  required: boolean;
108
124
  examples: string[];
109
125
  type: "string";
126
+ validator: (value: string) => string;
110
127
  } & {
111
128
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
112
129
  };
@@ -115,6 +132,7 @@ declare const authEnvSchema: {
115
132
  required: boolean;
116
133
  examples: string[];
117
134
  type: "string";
135
+ validator: (value: string) => string;
118
136
  } & {
119
137
  key: "SPFN_AUTH_ADMIN_ROLES";
120
138
  };
@@ -123,96 +141,144 @@ declare const authEnvSchema: {
123
141
  required: boolean;
124
142
  examples: string[];
125
143
  type: "string";
144
+ validator: (value: string) => string;
126
145
  } & {
127
146
  key: "SPFN_AUTH_ADMIN_EMAIL";
128
147
  };
129
148
  SPFN_AUTH_ADMIN_PASSWORD: {
130
149
  description: string;
131
150
  required: boolean;
132
- validator: _spfn_core_env.Parser<string>;
151
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
133
152
  sensitive: boolean;
134
153
  examples: string[];
135
154
  type: "string";
136
155
  } & {
137
156
  key: "SPFN_AUTH_ADMIN_PASSWORD";
138
157
  };
158
+ SPFN_AUTH_RESERVED_USERNAMES: {
159
+ description: string;
160
+ required: boolean;
161
+ default: string;
162
+ examples: string[];
163
+ type: "string";
164
+ validator: (value: string) => string;
165
+ } & {
166
+ key: "SPFN_AUTH_RESERVED_USERNAMES";
167
+ };
168
+ SPFN_AUTH_USERNAME_MIN_LENGTH: {
169
+ description: string;
170
+ default: number;
171
+ required: boolean;
172
+ examples: number[];
173
+ type: "number";
174
+ validator: (value: string) => number;
175
+ } & {
176
+ key: "SPFN_AUTH_USERNAME_MIN_LENGTH";
177
+ };
178
+ SPFN_AUTH_USERNAME_MAX_LENGTH: {
179
+ description: string;
180
+ default: number;
181
+ required: boolean;
182
+ examples: number[];
183
+ type: "number";
184
+ validator: (value: string) => number;
185
+ } & {
186
+ key: "SPFN_AUTH_USERNAME_MAX_LENGTH";
187
+ };
139
188
  SPFN_API_URL: {
140
189
  description: string;
141
190
  default: string;
142
191
  required: boolean;
143
192
  examples: string[];
144
193
  type: "string";
194
+ validator: (value: string) => string;
145
195
  } & {
146
196
  key: "SPFN_API_URL";
147
197
  };
148
- SPFN_AUTH_AWS_REGION: {
198
+ NEXT_PUBLIC_SPFN_API_URL: {
149
199
  description: string;
150
- default: string;
151
200
  required: boolean;
152
201
  examples: string[];
153
202
  type: "string";
203
+ validator: (value: string) => string;
154
204
  } & {
155
- key: "SPFN_AUTH_AWS_REGION";
205
+ key: "NEXT_PUBLIC_SPFN_API_URL";
156
206
  };
157
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
207
+ SPFN_APP_URL: {
158
208
  description: string;
209
+ default: string;
159
210
  required: boolean;
160
- sensitive: boolean;
161
211
  examples: string[];
162
212
  type: "string";
213
+ validator: (value: string) => string;
163
214
  } & {
164
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
215
+ key: "SPFN_APP_URL";
165
216
  };
166
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
217
+ NEXT_PUBLIC_SPFN_APP_URL: {
167
218
  description: string;
168
219
  required: boolean;
169
- sensitive: boolean;
170
220
  examples: string[];
171
221
  type: "string";
222
+ validator: (value: string) => string;
172
223
  } & {
173
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
224
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
174
225
  };
175
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
226
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
176
227
  description: string;
177
228
  required: boolean;
178
229
  examples: string[];
179
230
  type: "string";
231
+ validator: (value: string) => string;
180
232
  } & {
181
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
233
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
182
234
  };
183
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
235
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
184
236
  description: string;
185
237
  required: boolean;
186
238
  sensitive: boolean;
187
239
  examples: string[];
188
240
  type: "string";
241
+ validator: (value: string) => string;
189
242
  } & {
190
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
243
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
191
244
  };
192
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
245
+ SPFN_AUTH_GOOGLE_SCOPES: {
246
+ description: string;
247
+ required: boolean;
248
+ examples: string[];
249
+ type: "string";
250
+ validator: (value: string) => string;
251
+ } & {
252
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
253
+ };
254
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
193
255
  description: string;
194
256
  required: boolean;
195
- sensitive: boolean;
196
257
  examples: string[];
197
258
  type: "string";
259
+ validator: (value: string) => string;
198
260
  } & {
199
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
261
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
200
262
  };
201
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
263
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
202
264
  description: string;
203
265
  required: boolean;
266
+ default: string;
204
267
  examples: string[];
205
268
  type: "string";
269
+ validator: (value: string) => string;
206
270
  } & {
207
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
271
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
208
272
  };
209
- SPFN_AUTH_AWS_SES_FROM_NAME: {
273
+ SPFN_AUTH_OAUTH_ERROR_URL: {
210
274
  description: string;
211
275
  required: boolean;
276
+ default: string;
212
277
  examples: string[];
213
278
  type: "string";
279
+ validator: (value: string) => string;
214
280
  } & {
215
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
281
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
216
282
  };
217
283
  };
218
284
 
@@ -221,7 +287,7 @@ declare const env: _spfn_core_env.InferEnvType<{
221
287
  description: string;
222
288
  required: boolean;
223
289
  fallbackKeys: string[];
224
- validator: _spfn_core_env.Parser<string>;
290
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
225
291
  sensitive: boolean;
226
292
  nextjs: boolean;
227
293
  examples: string[];
@@ -236,6 +302,7 @@ declare const env: _spfn_core_env.InferEnvType<{
236
302
  nextjs: boolean;
237
303
  examples: string[];
238
304
  type: "string";
305
+ validator: (value: string) => string;
239
306
  } & {
240
307
  key: "SPFN_AUTH_SESSION_TTL";
241
308
  };
@@ -245,6 +312,7 @@ declare const env: _spfn_core_env.InferEnvType<{
245
312
  required: boolean;
246
313
  examples: string[];
247
314
  type: "string";
315
+ validator: (value: string) => string;
248
316
  } & {
249
317
  key: "SPFN_AUTH_JWT_SECRET";
250
318
  };
@@ -254,9 +322,20 @@ declare const env: _spfn_core_env.InferEnvType<{
254
322
  required: boolean;
255
323
  examples: string[];
256
324
  type: "string";
325
+ validator: (value: string) => string;
257
326
  } & {
258
327
  key: "SPFN_AUTH_JWT_EXPIRES_IN";
259
328
  };
329
+ SPFN_AUTH_COOKIE_SECURE: {
330
+ description: string;
331
+ required: boolean;
332
+ nextjs: boolean;
333
+ examples: boolean[];
334
+ type: "boolean";
335
+ validator: (value: string) => boolean;
336
+ } & {
337
+ key: "SPFN_AUTH_COOKIE_SECURE";
338
+ };
260
339
  SPFN_AUTH_BCRYPT_SALT_ROUNDS: {
261
340
  key: string;
262
341
  description: string;
@@ -273,6 +352,7 @@ declare const env: _spfn_core_env.InferEnvType<{
273
352
  required: boolean;
274
353
  examples: string[];
275
354
  type: "string";
355
+ validator: (value: string) => string;
276
356
  } & {
277
357
  key: "SPFN_AUTH_VERIFICATION_TOKEN_SECRET";
278
358
  };
@@ -281,6 +361,7 @@ declare const env: _spfn_core_env.InferEnvType<{
281
361
  required: boolean;
282
362
  examples: string[];
283
363
  type: "string";
364
+ validator: (value: string) => string;
284
365
  } & {
285
366
  key: "SPFN_AUTH_ADMIN_ACCOUNTS";
286
367
  };
@@ -289,6 +370,7 @@ declare const env: _spfn_core_env.InferEnvType<{
289
370
  required: boolean;
290
371
  examples: string[];
291
372
  type: "string";
373
+ validator: (value: string) => string;
292
374
  } & {
293
375
  key: "SPFN_AUTH_ADMIN_EMAILS";
294
376
  };
@@ -297,6 +379,7 @@ declare const env: _spfn_core_env.InferEnvType<{
297
379
  required: boolean;
298
380
  examples: string[];
299
381
  type: "string";
382
+ validator: (value: string) => string;
300
383
  } & {
301
384
  key: "SPFN_AUTH_ADMIN_PASSWORDS";
302
385
  };
@@ -305,6 +388,7 @@ declare const env: _spfn_core_env.InferEnvType<{
305
388
  required: boolean;
306
389
  examples: string[];
307
390
  type: "string";
391
+ validator: (value: string) => string;
308
392
  } & {
309
393
  key: "SPFN_AUTH_ADMIN_ROLES";
310
394
  };
@@ -313,96 +397,144 @@ declare const env: _spfn_core_env.InferEnvType<{
313
397
  required: boolean;
314
398
  examples: string[];
315
399
  type: "string";
400
+ validator: (value: string) => string;
316
401
  } & {
317
402
  key: "SPFN_AUTH_ADMIN_EMAIL";
318
403
  };
319
404
  SPFN_AUTH_ADMIN_PASSWORD: {
320
405
  description: string;
321
406
  required: boolean;
322
- validator: _spfn_core_env.Parser<string>;
407
+ validator: _spfn_core_env.Parser<string> & ((value: string) => string);
323
408
  sensitive: boolean;
324
409
  examples: string[];
325
410
  type: "string";
326
411
  } & {
327
412
  key: "SPFN_AUTH_ADMIN_PASSWORD";
328
413
  };
414
+ SPFN_AUTH_RESERVED_USERNAMES: {
415
+ description: string;
416
+ required: boolean;
417
+ default: string;
418
+ examples: string[];
419
+ type: "string";
420
+ validator: (value: string) => string;
421
+ } & {
422
+ key: "SPFN_AUTH_RESERVED_USERNAMES";
423
+ };
424
+ SPFN_AUTH_USERNAME_MIN_LENGTH: {
425
+ description: string;
426
+ default: number;
427
+ required: boolean;
428
+ examples: number[];
429
+ type: "number";
430
+ validator: (value: string) => number;
431
+ } & {
432
+ key: "SPFN_AUTH_USERNAME_MIN_LENGTH";
433
+ };
434
+ SPFN_AUTH_USERNAME_MAX_LENGTH: {
435
+ description: string;
436
+ default: number;
437
+ required: boolean;
438
+ examples: number[];
439
+ type: "number";
440
+ validator: (value: string) => number;
441
+ } & {
442
+ key: "SPFN_AUTH_USERNAME_MAX_LENGTH";
443
+ };
329
444
  SPFN_API_URL: {
330
445
  description: string;
331
446
  default: string;
332
447
  required: boolean;
333
448
  examples: string[];
334
449
  type: "string";
450
+ validator: (value: string) => string;
335
451
  } & {
336
452
  key: "SPFN_API_URL";
337
453
  };
338
- SPFN_AUTH_AWS_REGION: {
454
+ NEXT_PUBLIC_SPFN_API_URL: {
339
455
  description: string;
340
- default: string;
341
456
  required: boolean;
342
457
  examples: string[];
343
458
  type: "string";
459
+ validator: (value: string) => string;
344
460
  } & {
345
- key: "SPFN_AUTH_AWS_REGION";
461
+ key: "NEXT_PUBLIC_SPFN_API_URL";
346
462
  };
347
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
463
+ SPFN_APP_URL: {
348
464
  description: string;
465
+ default: string;
349
466
  required: boolean;
350
- sensitive: boolean;
351
467
  examples: string[];
352
468
  type: "string";
469
+ validator: (value: string) => string;
353
470
  } & {
354
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
471
+ key: "SPFN_APP_URL";
355
472
  };
356
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
473
+ NEXT_PUBLIC_SPFN_APP_URL: {
357
474
  description: string;
358
475
  required: boolean;
359
- sensitive: boolean;
360
476
  examples: string[];
361
477
  type: "string";
478
+ validator: (value: string) => string;
362
479
  } & {
363
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
480
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
364
481
  };
365
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
482
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
366
483
  description: string;
367
484
  required: boolean;
368
485
  examples: string[];
369
486
  type: "string";
487
+ validator: (value: string) => string;
370
488
  } & {
371
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
489
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
372
490
  };
373
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
491
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
374
492
  description: string;
375
493
  required: boolean;
376
494
  sensitive: boolean;
377
495
  examples: string[];
378
496
  type: "string";
497
+ validator: (value: string) => string;
379
498
  } & {
380
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
499
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
381
500
  };
382
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
501
+ SPFN_AUTH_GOOGLE_SCOPES: {
502
+ description: string;
503
+ required: boolean;
504
+ examples: string[];
505
+ type: "string";
506
+ validator: (value: string) => string;
507
+ } & {
508
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
509
+ };
510
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
383
511
  description: string;
384
512
  required: boolean;
385
- sensitive: boolean;
386
513
  examples: string[];
387
514
  type: "string";
515
+ validator: (value: string) => string;
388
516
  } & {
389
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
517
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
390
518
  };
391
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
519
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
392
520
  description: string;
393
521
  required: boolean;
522
+ default: string;
394
523
  examples: string[];
395
524
  type: "string";
525
+ validator: (value: string) => string;
396
526
  } & {
397
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
527
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
398
528
  };
399
- SPFN_AUTH_AWS_SES_FROM_NAME: {
529
+ SPFN_AUTH_OAUTH_ERROR_URL: {
400
530
  description: string;
401
531
  required: boolean;
532
+ default: string;
402
533
  examples: string[];
403
534
  type: "string";
535
+ validator: (value: string) => string;
404
536
  } & {
405
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
537
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
406
538
  };
407
539
  }>;
408
540
 
package/dist/config.js CHANGED
@@ -6,6 +6,7 @@ import {
6
6
  defineEnvSchema,
7
7
  envString,
8
8
  envNumber,
9
+ envBoolean,
9
10
  createSecureSecretParser,
10
11
  createPasswordParser
11
12
  } from "@spfn/core/env";
@@ -67,6 +68,14 @@ var authEnvSchema = defineEnvSchema({
67
68
  // ============================================================================
68
69
  // Security Configuration
69
70
  // ============================================================================
71
+ SPFN_AUTH_COOKIE_SECURE: {
72
+ ...envBoolean({
73
+ description: 'Override cookie Secure flag. Defaults to NODE_ENV === "production". Set to false for HTTP-only environments (e.g. bastion over plain HTTP).',
74
+ required: false,
75
+ nextjs: true,
76
+ examples: [true, false]
77
+ })
78
+ },
70
79
  SPFN_AUTH_BCRYPT_SALT_ROUNDS: {
71
80
  ...envNumber({
72
81
  description: "Bcrypt salt rounds (cost factor, higher = more secure but slower)",
@@ -152,11 +161,41 @@ var authEnvSchema = defineEnvSchema({
152
161
  })
153
162
  },
154
163
  // ============================================================================
164
+ // Username Configuration
165
+ // ============================================================================
166
+ SPFN_AUTH_RESERVED_USERNAMES: {
167
+ ...envString({
168
+ description: "Comma-separated list of reserved usernames that cannot be registered",
169
+ required: false,
170
+ default: "admin,root,system,support,help,moderator,superadmin",
171
+ examples: [
172
+ "admin,root,system,support,help",
173
+ "admin,root,system,support,help,moderator,superadmin,operator"
174
+ ]
175
+ })
176
+ },
177
+ SPFN_AUTH_USERNAME_MIN_LENGTH: {
178
+ ...envNumber({
179
+ description: "Minimum username length",
180
+ default: 3,
181
+ required: false,
182
+ examples: [2, 3, 4]
183
+ })
184
+ },
185
+ SPFN_AUTH_USERNAME_MAX_LENGTH: {
186
+ ...envNumber({
187
+ description: "Maximum username length",
188
+ default: 30,
189
+ required: false,
190
+ examples: [20, 30, 50]
191
+ })
192
+ },
193
+ // ============================================================================
155
194
  // API Configuration
156
195
  // ============================================================================
157
196
  SPFN_API_URL: {
158
197
  ...envString({
159
- description: "Base API URL for invitation links and other external-facing URLs",
198
+ description: "Internal API URL for server-to-server communication",
160
199
  default: "http://localhost:8790",
161
200
  required: false,
162
201
  examples: [
@@ -165,71 +204,96 @@ var authEnvSchema = defineEnvSchema({
165
204
  ]
166
205
  })
167
206
  },
168
- // ============================================================================
169
- // AWS SNS Configuration (SMS)
170
- // ============================================================================
171
- SPFN_AUTH_AWS_REGION: {
207
+ NEXT_PUBLIC_SPFN_API_URL: {
172
208
  ...envString({
173
- description: "AWS region for SNS service",
174
- default: "ap-northeast-2",
209
+ description: "Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.",
175
210
  required: false,
176
- examples: ["ap-northeast-2", "us-east-1", "eu-west-1"]
211
+ examples: [
212
+ "https://api.example.com",
213
+ "http://localhost:8790"
214
+ ]
177
215
  })
178
216
  },
179
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
217
+ SPFN_APP_URL: {
180
218
  ...envString({
181
- description: "AWS SNS access key ID (optional, uses default credentials chain if not provided)",
219
+ description: "Next.js application URL (internal). Used for server-to-server communication.",
220
+ default: "http://localhost:3000",
182
221
  required: false,
183
- sensitive: true,
184
- examples: ["AKIAIOSFODNN7EXAMPLE"]
222
+ examples: [
223
+ "https://app.example.com",
224
+ "http://localhost:3000"
225
+ ]
185
226
  })
186
227
  },
187
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
228
+ NEXT_PUBLIC_SPFN_APP_URL: {
188
229
  ...envString({
189
- description: "AWS SNS secret access key (optional, uses default credentials chain if not provided)",
230
+ description: "Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.",
190
231
  required: false,
191
- sensitive: true,
192
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
232
+ examples: [
233
+ "https://app.example.com",
234
+ "http://localhost:3000"
235
+ ]
193
236
  })
194
237
  },
195
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
238
+ // ============================================================================
239
+ // OAuth Configuration - Google
240
+ // ============================================================================
241
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
196
242
  ...envString({
197
- description: "SMS sender ID displayed to recipients (max 11 characters, alphanumeric)",
243
+ description: "Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.",
198
244
  required: false,
199
- examples: ["MyApp", "YourBrand"]
245
+ examples: ["123456789-abc123.apps.googleusercontent.com"]
200
246
  })
201
247
  },
202
- // ============================================================================
203
- // AWS SES Configuration (Email)
204
- // ============================================================================
205
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
248
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
206
249
  ...envString({
207
- description: "AWS SES access key ID (optional, uses default credentials chain if not provided)",
250
+ description: "Google OAuth 2.0 Client Secret",
208
251
  required: false,
209
252
  sensitive: true,
210
- examples: ["AKIAIOSFODNN7EXAMPLE"]
253
+ examples: ["GOCSPX-abcdefghijklmnop"]
211
254
  })
212
255
  },
213
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
256
+ SPFN_AUTH_GOOGLE_SCOPES: {
214
257
  ...envString({
215
- description: "AWS SES secret access key (optional, uses default credentials chain if not provided)",
258
+ description: 'Comma-separated Google OAuth scopes. Defaults to "email,profile" if not set.',
216
259
  required: false,
217
- sensitive: true,
218
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
260
+ examples: [
261
+ "email,profile",
262
+ "email,profile,https://www.googleapis.com/auth/gmail.readonly",
263
+ "email,profile,https://www.googleapis.com/auth/calendar.readonly"
264
+ ]
265
+ })
266
+ },
267
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
268
+ ...envString({
269
+ description: "Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback",
270
+ required: false,
271
+ examples: [
272
+ "https://api.example.com/_auth/oauth/google/callback",
273
+ "http://localhost:8790/_auth/oauth/google/callback"
274
+ ]
219
275
  })
220
276
  },
221
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
277
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
222
278
  ...envString({
223
- description: "Sender email address (must be verified in AWS SES)",
279
+ description: "OAuth callback page URL. This page should use OAuthCallback component to finalize session.",
224
280
  required: false,
225
- examples: ["noreply@example.com", "auth@yourdomain.com"]
281
+ default: "/auth/callback",
282
+ examples: [
283
+ "/auth/callback",
284
+ "https://app.example.com/auth/callback"
285
+ ]
226
286
  })
227
287
  },
228
- SPFN_AUTH_AWS_SES_FROM_NAME: {
288
+ SPFN_AUTH_OAUTH_ERROR_URL: {
229
289
  ...envString({
230
- description: "Sender display name",
290
+ description: "URL to redirect after OAuth error. Use {error} placeholder for error message.",
231
291
  required: false,
232
- examples: ["MyApp", "Your Company"]
292
+ default: "/auth/error?error={error}",
293
+ examples: [
294
+ "https://app.example.com/auth/error?error={error}",
295
+ "http://localhost:3000/auth/error?error={error}"
296
+ ]
233
297
  })
234
298
  }
235
299
  });