@tinyrack/tinyauth-server 0.0.7

package/dist/routes/api/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/routes/api/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAUnD,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wBAQI,CAAC"}

package/dist/routes/api/index.js

@@ -0,0 +1,19 @@
+import { Hono } from 'hono';
+import { authRoutes } from "./auth/index.js";
+import { configRoutes } from "./config/index.js";
+import { consentRoutes } from "./consent/index.js";
+import { docsRoutes } from "./docs/index.js";
+import { healthRoutes } from "./health/index.js";
+import { oauthRoutes } from "./oauth/index.js";
+import { termsRoutes } from "./terms/index.js";
+import { userRoutes } from "./user/index.js";
+export const apiRoutes = new Hono()
+    .route('/', authRoutes)
+    .route('/', configRoutes)
+    .route('/', consentRoutes)
+    .route('/', docsRoutes)
+    .route('/', healthRoutes)
+    .route('/', termsRoutes)
+    .route('/', userRoutes)
+    .route('/', oauthRoutes);
+//# sourceMappingURL=index.js.map

package/dist/routes/api/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/routes/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAU;KACxC,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC;KACtB,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC;KACxB,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC;KACzB,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC;KACtB,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC;KACxB,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC;KACvB,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC;KACtB,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC"}

package/dist/routes/api/oauth/_provider/authorize/get.d.ts

@@ -0,0 +1,21 @@
+import type { AppEnv } from '../../../../../lib/app-env.ts';
+export declare const oauthProviderAuthorizeGet: import("hono/hono-base").HonoBase<AppEnv, {
+    "/oauth/:provider/authorize": {
+        $get: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            } & {
+                query: {
+                    mode?: string | string[];
+                    return_url?: string | string[];
+                };
+            };
+            output: undefined;
+            outputFormat: "redirect";
+            status: 302;
+        };
+    };
+}, "/", "/oauth/:provider/authorize">;
+//# sourceMappingURL=get.d.ts.map

package/dist/routes/api/oauth/_provider/authorize/get.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../../../src/routes/api/oauth/_provider/authorize/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAO5D,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;qCAwErC,CAAC"}

package/dist/routes/api/oauth/_provider/authorize/get.js

@@ -0,0 +1,60 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { OPENAPI_SECURITY } from "../../../../../lib/openapi.js";
+import { TAGS } from "../../../../../lib/swagger-tags.js";
+import { verifyAuth } from "../../../../../middleware/auth.js";
+import { e } from "../../../../../schemas/error.js";
+import { f } from "../../../../../schemas/field.js";
+export const oauthProviderAuthorizeGet = new Hono().get('/oauth/:provider/authorize', describeRoute({
+    tags: [TAGS.OAUTH_CONNECT],
+    security: OPENAPI_SECURITY.optionalCookieSession,
+    summary: 'Initiate OAuth Authorize Flow',
+    description: 'Redirects the user to the OAuth provider for authentication',
+    responses: {
+        302: {
+            description: 'Redirect to OAuth provider',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.Unauthorized.Schema),
+                },
+            },
+            description: 'Unauthorized',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.OAuthProviderNotFound.Schema),
+                },
+            },
+            description: 'OAuth provider not found',
+        },
+    },
+}), validator('param', z.object({
+    provider: f.providerName,
+})), validator('query', z.object({
+    mode: f.oauthConnectMode.default('login'),
+    return_url: f.returnUrl.optional(),
+})), verifyAuth({ optional: true }), async (c) => {
+    const params = c.req.valid('param');
+    const query = c.req.valid('query');
+    const { provider } = params;
+    const { mode, return_url } = query;
+    const session = c.var.session;
+    const { oauthConnectService } = c.var.services;
+    // Link mode requires authenticated user
+    if (mode === 'link') {
+        if (!c.var.verifiedUser) {
+            throw new e.Unauthorized.Error();
+        }
+    }
+    // Generate authorization URL and session data
+    const { url, sessionData } = await oauthConnectService.generateAuthorizationUrl(provider, mode, return_url);
+    // Store OAuth session data in secure session
+    session.set('oauth', sessionData);
+    // Redirect to OAuth provider
+    return c.redirect(url);
+});
+//# sourceMappingURL=get.js.map

package/dist/routes/api/oauth/_provider/authorize/get.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.js","sourceRoot":"","sources":["../../../../../../src/routes/api/oauth/_provider/authorize/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AAEpD,MAAM,CAAC,MAAM,yBAAyB,GAAG,IAAI,IAAI,EAAU,CAAC,GAAG,CAC7D,4BAA4B,EAC5B,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC;IAC1B,QAAQ,EAAE,gBAAgB,CAAC,qBAAqB;IAChD,OAAO,EAAE,+BAA+B;IACxC,WAAW,EAAE,6DAA6D;IAC1E,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,4BAA4B;SAC1C;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC;iBACxC;aACF;YACD,WAAW,EAAE,cAAc;SAC5B;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC;iBACjD;aACF;YACD,WAAW,EAAE,0BAA0B;SACxC;KACF;CACF,CAAC,EACF,SAAS,CACP,OAAO,EACP,CAAC,CAAC,MAAM,CAAC;IACP,QAAQ,EAAE,CAAC,CAAC,YAAY;CACzB,CAAC,CACH,EACD,SAAS,CACP,OAAO,EACP,CAAC,CAAC,MAAM,CAAC;IACP,IAAI,EAAE,CAAC,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC;IACzC,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,EAAE;CACnC,CAAC,CACH,EACD,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAC9B,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAC5B,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC;IACnC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;IAC9B,MAAM,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAE/C,wCAAwC;IACxC,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,GACxB,MAAM,mBAAmB,CAAC,wBAAwB,CAChD,QAAQ,EACR,IAAI,EACJ,UAAU,CACX,CAAC;IAEJ,6CAA6C;IAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAElC,6BAA6B;IAC7B,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC,CACF,CAAC"}

package/dist/routes/api/oauth/_provider/callback/get.d.ts

@@ -0,0 +1,23 @@
+import type { AppEnv } from '../../../../../lib/app-env.ts';
+export declare const oauthProviderCallbackGet: import("hono/hono-base").HonoBase<AppEnv, {
+    "/oauth/:provider/callback": {
+        $get: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            } & {
+                query: {
+                    code?: string | string[];
+                    state?: string | string[];
+                    error?: string | string[];
+                    error_description?: string | string[];
+                };
+            };
+            output: undefined;
+            outputFormat: "redirect";
+            status: 302;
+        };
+    };
+}, "/", "/oauth/:provider/callback">;
+//# sourceMappingURL=get.d.ts.map

package/dist/routes/api/oauth/_provider/callback/get.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../../../src/routes/api/oauth/_provider/callback/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAO5D,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;oCA4JpC,CAAC"}

package/dist/routes/api/oauth/_provider/callback/get.js

@@ -0,0 +1,137 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../../../lib/swagger-tags.js";
+import { verifyAuth, verifyOAuth } from "../../../../../middleware/auth.js";
+import { e } from "../../../../../schemas/error.js";
+import { f } from "../../../../../schemas/field.js";
+import { r } from "../../../../../schemas/response.js";
+export const oauthProviderCallbackGet = new Hono().get('/oauth/:provider/callback', describeRoute({
+    tags: [TAGS.OAUTH_CONNECT],
+    summary: 'OAuth Callback',
+    description: 'Handles the callback from OAuth provider after user authorization',
+    responses: {
+        302: {
+            description: 'Redirect',
+        },
+        200: {
+            content: {
+                'application/json': {
+                    schema: resolver(r.OAuthCallbackResponse),
+                },
+            },
+            description: 'Success',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthStateMismatch.Schema,
+                        e.OAuthInvalidRequest.Schema,
+                        e.OAuthSessionExpired.Schema,
+                    ])),
+                },
+            },
+            description: 'State mismatch, session expired, or invalid request',
+        },
+        403: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthEmailNotVerified.Schema,
+                        e.RegistrationEmailNotAllowed.Schema,
+                    ])),
+                },
+            },
+            description: 'Email not verified or registration email not allowed',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.OAuthProviderNotFound.Schema),
+                },
+            },
+            description: 'OAuth provider not found',
+        },
+        409: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthEmailConflict.Schema,
+                        e.OAuthAccountAlreadyLinked.Schema,
+                    ])),
+                },
+            },
+            description: 'Email conflict or account already linked',
+        },
+        502: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthTokenExchangeFailed.Schema,
+                        e.OAuthUserInfoFailed.Schema,
+                    ])),
+                },
+            },
+            description: 'Token exchange failed or user info failed',
+        },
+    },
+}), validator('param', z.object({
+    provider: f.providerName,
+})), validator('query', z.object({
+    code: f.authorizationCode.optional(),
+    state: f.state.optional(),
+    error: z.string().optional(),
+    error_description: z.string().optional(),
+})), verifyAuth({ optional: true }), verifyOAuth({ optional: true }), async (c) => {
+    const { provider } = c.req.valid('param');
+    const { code, state, error, error_description } = c.req.valid('query');
+    const { session } = c.var;
+    const { config, oauthConnectService } = c.var.services;
+    const oauthSession = c.var.verifiedOAuth;
+    // Handle OAuth error response
+    if (error) {
+        const errorUrl = new URL('/login', config.server.public_origin);
+        errorUrl.searchParams.set('oauth_error', error);
+        if (error_description) {
+            errorUrl.searchParams.set('oauth_error_description', error_description);
+        }
+        if (oauthSession?.returnUrl) {
+            errorUrl.searchParams.set('redirect', oauthSession.returnUrl);
+        }
+        session.set('oauth', undefined);
+        return c.redirect(errorUrl.toString());
+    }
+    // Validate required parameters
+    if (!code || !state) {
+        throw new e.OAuthInvalidRequest.Error();
+    }
+    if (!oauthSession) {
+        throw new e.OAuthSessionExpired.Error();
+    }
+    const result = await oauthConnectService.processOAuthCallback({
+        provider,
+        code,
+        state,
+        oauthSession,
+        userSub: c.var.verifiedUser?.user.sub,
+        requestUrl: c.req.url,
+    });
+    // Clear OAuth session for all outcomes
+    session.set('oauth', undefined);
+    switch (result.action) {
+        case 'error_redirect':
+            return c.redirect(result.url);
+        case 'link_complete':
+            return c.redirect(result.returnUrl);
+        case 'terms_redirect':
+            return c.redirect(result.url);
+        case 'login_terms_redirect':
+            session.setUserSession(result.userSub);
+            return c.redirect(result.termsUrl);
+        case 'login_complete':
+            session.setUserSession(result.userSub);
+            return c.redirect(result.returnUrl || '/profile');
+    }
+});
+//# sourceMappingURL=get.js.map

package/dist/routes/api/oauth/_provider/callback/get.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.js","sourceRoot":"","sources":["../../../../../../src/routes/api/oauth/_provider/callback/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AAC5E,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,oCAAoC,CAAC;AAEvD,MAAM,CAAC,MAAM,wBAAwB,GAAG,IAAI,IAAI,EAAU,CAAC,GAAG,CAC5D,2BAA2B,EAC3B,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC;IAC1B,OAAO,EAAE,gBAAgB;IACzB,WAAW,EACT,mEAAmE;IACrE,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,UAAU;SACxB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC;iBAC1C;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,kBAAkB,CAAC,MAAM;wBAC3B,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,qDAAqD;SACnE;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,qBAAqB,CAAC,MAAM;wBAC9B,CAAC,CAAC,2BAA2B,CAAC,MAAM;qBACrC,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,sDAAsD;SACpE;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC;iBACjD;aACF;YACD,WAAW,EAAE,0BAA0B;SACxC;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,kBAAkB,CAAC,MAAM;wBAC3B,CAAC,CAAC,yBAAyB,CAAC,MAAM;qBACnC,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,0CAA0C;SACxD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,wBAAwB,CAAC,MAAM;wBACjC,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,2CAA2C;SACzD;KACF;CACF,CAAC,EACF,SAAS,CACP,OAAO,EACP,CAAC,CAAC,MAAM,CAAC;IACP,QAAQ,EAAE,CAAC,CAAC,YAAY;CACzB,CAAC,CACH,EACD,SAAS,CACP,OAAO,EACP,CAAC,CAAC,MAAM,CAAC;IACP,IAAI,EAAE,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE;IACpC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE;IACzB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACzC,CAAC,CACH,EACD,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAC9B,WAAW,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAC/B,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACvE,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IACvD,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC;IAEzC,8BAA8B;IAC9B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAChE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QAChD,IAAI,iBAAiB,EAAE,CAAC;YACtB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,yBAAyB,EAAE,iBAAiB,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,YAAY,EAAE,SAAS,EAAE,CAAC;YAC5B,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,oBAAoB,CAAC;QAC5D,QAAQ;QACR,IAAI;QACJ,KAAK;QACL,YAAY;QACZ,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,GAAG;QACrC,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG;KACtB,CAAC,CAAC;IAEH,uCAAuC;IACvC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEhC,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,gBAAgB;YACnB,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,KAAK,eAAe;YAClB,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,KAAK,gBAAgB;YACnB,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,KAAK,sBAAsB;YACzB,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrC,KAAK,gBAAgB;YACnB,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU,CAAC,CAAC;IACtD,CAAC;AACH,CAAC,CACF,CAAC"}

package/dist/routes/api/oauth/_provider/callback/post.d.ts

@@ -0,0 +1,23 @@
+import type { AppEnv } from '../../../../../lib/app-env.ts';
+export declare const oauthProviderCallbackPost: import("hono/hono-base").HonoBase<AppEnv, {
+    "/oauth/:provider/callback": {
+        $post: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            } & {
+                form: {
+                    code?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    state?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    error?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    error_description?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                };
+            };
+            output: undefined;
+            outputFormat: "redirect";
+            status: 302;
+        };
+    };
+}, "/", "/oauth/:provider/callback">;
+//# sourceMappingURL=post.d.ts.map

package/dist/routes/api/oauth/_provider/callback/post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../../../src/routes/api/oauth/_provider/callback/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAgB5D,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;oCAoJrC,CAAC"}

package/dist/routes/api/oauth/_provider/callback/post.js

@@ -0,0 +1,140 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../../../lib/swagger-tags.js";
+import { verifyAuth, verifyOAuth } from "../../../../../middleware/auth.js";
+import { e } from "../../../../../schemas/error.js";
+import { f } from "../../../../../schemas/field.js";
+import { r } from "../../../../../schemas/response.js";
+const OAuthProviderCallbackFormBody = z
+    .object({
+    code: f.authorizationCode.optional(),
+    state: f.state.optional(),
+    error: z.string().optional(),
+    error_description: z.string().optional(),
+})
+    .describe('OAuth provider callback payload');
+export const oauthProviderCallbackPost = new Hono().post('/oauth/:provider/callback', describeRoute({
+    tags: [TAGS.OAUTH_CONNECT],
+    summary: 'OAuth Callback (POST)',
+    description: 'Handles the form_post callback from OAuth providers like Apple',
+    responses: {
+        302: {
+            description: 'Redirect',
+        },
+        200: {
+            content: {
+                'application/json': {
+                    schema: resolver(r.OAuthCallbackResponse),
+                },
+            },
+            description: 'Success',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthStateMismatch.Schema,
+                        e.OAuthInvalidRequest.Schema,
+                        e.OAuthSessionExpired.Schema,
+                    ])),
+                },
+            },
+            description: 'State mismatch, session expired, or invalid request',
+        },
+        403: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthEmailNotVerified.Schema,
+                        e.RegistrationEmailNotAllowed.Schema,
+                    ])),
+                },
+            },
+            description: 'Email not verified or registration email not allowed',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.OAuthProviderNotFound.Schema),
+                },
+            },
+            description: 'OAuth provider not found',
+        },
+        409: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthEmailConflict.Schema,
+                        e.OAuthAccountAlreadyLinked.Schema,
+                    ])),
+                },
+            },
+            description: 'Email conflict or account already linked',
+        },
+        502: {
+            content: {
+                'application/json': {
+                    schema: resolver(z.union([
+                        e.OAuthTokenExchangeFailed.Schema,
+                        e.OAuthUserInfoFailed.Schema,
+                    ])),
+                },
+            },
+            description: 'Token exchange failed or user info failed',
+        },
+    },
+}), validator('param', z.object({
+    provider: f.providerName,
+})), validator('form', OAuthProviderCallbackFormBody), verifyAuth({ optional: true }), verifyOAuth({ optional: true }), async (c) => {
+    const { provider } = c.req.valid('param');
+    const { code, state, error, error_description } = c.req.valid('form');
+    const { session } = c.var;
+    const { config, oauthConnectService } = c.var.services;
+    const oauthSession = c.var.verifiedOAuth;
+    // Handle OAuth error response
+    if (error) {
+        const errorUrl = new URL('/login', config.server.public_origin);
+        errorUrl.searchParams.set('oauth_error', error);
+        if (error_description) {
+            errorUrl.searchParams.set('oauth_error_description', error_description);
+        }
+        if (oauthSession?.returnUrl) {
+            errorUrl.searchParams.set('redirect', oauthSession.returnUrl);
+        }
+        session.set('oauth', undefined);
+        return c.redirect(errorUrl.toString());
+    }
+    // Validate required parameters
+    if (!code || !state) {
+        throw new e.OAuthInvalidRequest.Error();
+    }
+    if (!oauthSession) {
+        throw new e.OAuthSessionExpired.Error();
+    }
+    const result = await oauthConnectService.processOAuthCallback({
+        provider,
+        code,
+        state,
+        oauthSession,
+        userSub: c.var.verifiedUser?.user.sub,
+        requestUrl: c.req.url,
+    });
+    // Clear OAuth session for all outcomes
+    session.set('oauth', undefined);
+    switch (result.action) {
+        case 'error_redirect':
+            return c.redirect(result.url);
+        case 'link_complete':
+            return c.redirect(result.returnUrl);
+        case 'terms_redirect':
+            return c.redirect(result.url);
+        case 'login_terms_redirect':
+            session.setUserSession(result.userSub);
+            return c.redirect(result.termsUrl);
+        case 'login_complete':
+            session.setUserSession(result.userSub);
+            return c.redirect(result.returnUrl || '/profile');
+    }
+});
+//# sourceMappingURL=post.js.map

package/dist/routes/api/oauth/_provider/callback/post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../../../src/routes/api/oauth/_provider/callback/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AAC5E,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,oCAAoC,CAAC;AAEvD,MAAM,6BAA6B,GAAG,CAAC;KACpC,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE;IACpC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE;IACzB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC,iCAAiC,CAAC,CAAC;AAE/C,MAAM,CAAC,MAAM,yBAAyB,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CAC9D,2BAA2B,EAC3B,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC;IAC1B,OAAO,EAAE,uBAAuB;IAChC,WAAW,EACT,gEAAgE;IAClE,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,UAAU;SACxB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC;iBAC1C;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,kBAAkB,CAAC,MAAM;wBAC3B,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,qDAAqD;SACnE;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,qBAAqB,CAAC,MAAM;wBAC9B,CAAC,CAAC,2BAA2B,CAAC,MAAM;qBACrC,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,sDAAsD;SACpE;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC;iBACjD;aACF;YACD,WAAW,EAAE,0BAA0B;SACxC;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,kBAAkB,CAAC,MAAM;wBAC3B,CAAC,CAAC,yBAAyB,CAAC,MAAM;qBACnC,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,0CAA0C;SACxD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,wBAAwB,CAAC,MAAM;wBACjC,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,2CAA2C;SACzD;KACF;CACF,CAAC,EACF,SAAS,CACP,OAAO,EACP,CAAC,CAAC,MAAM,CAAC;IACP,QAAQ,EAAE,CAAC,CAAC,YAAY;CACzB,CAAC,CACH,EACD,SAAS,CAAC,MAAM,EAAE,6BAA6B,CAAC,EAChD,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAC9B,WAAW,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAC/B,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACtE,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IACvD,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC;IAEzC,8BAA8B;IAC9B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAChE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;QAChD,IAAI,iBAAiB,EAAE,CAAC;YACtB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,yBAAyB,EAAE,iBAAiB,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,YAAY,EAAE,SAAS,EAAE,CAAC;YAC5B,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,oBAAoB,CAAC;QAC5D,QAAQ;QACR,IAAI;QACJ,KAAK;QACL,YAAY;QACZ,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,GAAG;QACrC,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG;KACtB,CAAC,CAAC;IAEH,uCAAuC;IACvC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEhC,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,gBAAgB;YACnB,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,KAAK,eAAe;YAClB,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACtC,KAAK,gBAAgB;YACnB,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChC,KAAK,sBAAsB;YACzB,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrC,KAAK,gBAAgB;YACnB,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU,CAAC,CAAC;IACtD,CAAC;AACH,CAAC,CACF,CAAC"}

package/dist/routes/api/oauth/_provider/delete.d.ts

@@ -0,0 +1,18 @@
+import type { AppEnv } from '../../../../lib/app-env.ts';
+export declare const oauthProviderDelete: import("hono/hono-base").HonoBase<AppEnv, {
+    "/oauth/:provider": {
+        $delete: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            };
+            output: {
+                ok: true;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/oauth/:provider">;
+//# sourceMappingURL=delete.d.ts.map

package/dist/routes/api/oauth/_provider/delete.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete.d.ts","sourceRoot":"","sources":["../../../../../src/routes/api/oauth/_provider/delete.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAQzD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;2BAiE/B,CAAC"}

package/dist/routes/api/oauth/_provider/delete.js

@@ -0,0 +1,62 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { OPENAPI_SECURITY } from "../../../../lib/openapi.js";
+import { TAGS } from "../../../../lib/swagger-tags.js";
+import { verifyAuth } from "../../../../middleware/auth.js";
+import { e } from "../../../../schemas/error.js";
+import { f } from "../../../../schemas/field.js";
+import { r } from "../../../../schemas/response.js";
+export const oauthProviderDelete = new Hono().delete('/oauth/:provider', describeRoute({
+    tags: [TAGS.OAUTH_CONNECT],
+    security: OPENAPI_SECURITY.cookieSession,
+    summary: 'Unlink OAuth Account',
+    description: 'Unlinks an OAuth provider from the current user',
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: resolver(r.OkResponse),
+                },
+            },
+            description: 'Success',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.CannotUnlinkLastAuthMethod.Schema),
+                },
+            },
+            description: 'Cannot unlink last auth method',
+        },
+        401: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.Unauthorized.Schema),
+                },
+            },
+            description: 'Unauthorized',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: resolver(e.OAuthProviderNotFound.Schema),
+                },
+            },
+            description: 'OAuth provider not found, account not linked, or user not found',
+        },
+    },
+}), validator('param', z.object({
+    provider: f.providerName,
+})), verifyAuth(), async (c) => {
+    const params = c.req.valid('param');
+    const { user: userEntity } = c.var.verifiedUser;
+    const { oauthConnectService } = c.var.services;
+    const { provider } = params;
+    // Verify provider exists
+    oauthConnectService.getProvider(provider);
+    // Unlink the OAuth account
+    await oauthConnectService.unlinkOAuthAccount(userEntity.sub, provider);
+    return c.json({ ok: true }, 200);
+});
+//# sourceMappingURL=delete.js.map

package/dist/routes/api/oauth/_provider/delete.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete.js","sourceRoot":"","sources":["../../../../../src/routes/api/oauth/_provider/delete.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,iCAAiC,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAC5D,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AAEpD,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,IAAI,EAAU,CAAC,MAAM,CAC1D,kBAAkB,EAClB,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC;IAC1B,QAAQ,EAAE,gBAAgB,CAAC,aAAa;IACxC,OAAO,EAAE,sBAAsB;IAC/B,WAAW,EAAE,iDAAiD;IAC9D,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;iBAC/B;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,0BAA0B,CAAC,MAAM,CAAC;iBACtD;aACF;YACD,WAAW,EAAE,gCAAgC;SAC9C;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC;iBACxC;aACF;YACD,WAAW,EAAE,cAAc;SAC5B;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC;iBACjD;aACF;YACD,WAAW,EACT,iEAAiE;SACpE;KACF;CACF,CAAC,EACF,SAAS,CACP,OAAO,EACP,CAAC,CAAC,MAAM,CAAC;IACP,QAAQ,EAAE,CAAC,CAAC,YAAY;CACzB,CAAC,CACH,EACD,UAAU,EAAE,EACZ,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC;IAChD,MAAM,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAE/C,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAE5B,yBAAyB;IACzB,mBAAmB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAE1C,2BAA2B;IAC3B,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAEvE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAa,EAAE,EAAE,GAAG,CAAC,CAAC;AAC5C,CAAC,CACF,CAAC"}

package/dist/routes/api/oauth/index.d.ts

@@ -0,0 +1,76 @@
+import type { AppEnv } from '../../../lib/app-env.ts';
+export declare const oauthRoutes: import("hono/hono-base").HonoBase<AppEnv, import("hono/types").BlankSchema | import("hono/types").MergeSchemaPath<{
+    "/oauth/:provider/authorize": {
+        $get: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            } & {
+                query: {
+                    mode?: string | string[];
+                    return_url?: string | string[];
+                };
+            };
+            output: undefined;
+            outputFormat: "redirect";
+            status: 302;
+        };
+    };
+}, "/"> | import("hono/types").MergeSchemaPath<{
+    "/oauth/:provider/callback": {
+        $get: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            } & {
+                query: {
+                    code?: string | string[];
+                    state?: string | string[];
+                    error?: string | string[];
+                    error_description?: string | string[];
+                };
+            };
+            output: undefined;
+            outputFormat: "redirect";
+            status: 302;
+        };
+    };
+}, "/"> | import("hono/types").MergeSchemaPath<{
+    "/oauth/:provider/callback": {
+        $post: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            } & {
+                form: {
+                    code?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    state?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    error?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                    error_description?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
+                };
+            };
+            output: undefined;
+            outputFormat: "redirect";
+            status: 302;
+        };
+    };
+}, "/"> | import("hono/types").MergeSchemaPath<{
+    "/oauth/:provider": {
+        $delete: {
+            input: {
+                param: {
+                    provider: string;
+                };
+            };
+            output: {
+                ok: true;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/">, "/", "/">;
+//# sourceMappingURL=index.d.ts.map

package/dist/routes/api/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/routes/api/oauth/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAMtD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAIU,CAAC"}