@xylex-group/athena 2.12.0 → 2.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +1190 -1184
  3. package/bin/athena-js.js +104 -76
  4. package/dist/admin.cjs +45 -0
  5. package/dist/admin.cjs.map +1 -0
  6. package/dist/admin.d.cts +64 -0
  7. package/dist/admin.d.ts +64 -0
  8. package/dist/admin.js +41 -0
  9. package/dist/admin.js.map +1 -0
  10. package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
  11. package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
  12. package/dist/browser.cjs +33 -46
  13. package/dist/browser.cjs.map +1 -1
  14. package/dist/browser.d.cts +12 -10
  15. package/dist/browser.d.ts +12 -10
  16. package/dist/browser.js +33 -46
  17. package/dist/browser.js.map +1 -1
  18. package/dist/cli/index.cjs +150 -48
  19. package/dist/cli/index.cjs.map +1 -1
  20. package/dist/cli/index.d.cts +14 -5
  21. package/dist/cli/index.d.ts +14 -5
  22. package/dist/cli/index.js +150 -49
  23. package/dist/cli/index.js.map +1 -1
  24. package/dist/{client-QUbAs7E8.d.ts → client-BJjUwDSg.d.cts} +109 -1448
  25. package/dist/{client-C3x75Zgn.d.cts → client-DVOKSYDI.d.ts} +109 -1448
  26. package/dist/cookies.cjs +18 -0
  27. package/dist/cookies.cjs.map +1 -1
  28. package/dist/cookies.d.cts +2 -1
  29. package/dist/cookies.d.ts +2 -1
  30. package/dist/cookies.js +17 -1
  31. package/dist/cookies.js.map +1 -1
  32. package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
  33. package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
  34. package/dist/index.cjs +101 -46
  35. package/dist/index.cjs.map +1 -1
  36. package/dist/index.d.cts +13 -10
  37. package/dist/index.d.ts +13 -10
  38. package/dist/index.js +101 -47
  39. package/dist/index.js.map +1 -1
  40. package/dist/{model-form-CD1uhWSh.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
  41. package/dist/{model-form-Dm69I-oO.d.ts → model-form-yRg71q3H.d.ts} +2 -2
  42. package/dist/{module-CW3tWJ10.d.ts → module-DBteUIob.d.ts} +12 -9
  43. package/dist/{module-Cxcurfes.d.cts → module-yoX49uQC.d.cts} +12 -9
  44. package/dist/next/client.cjs +452 -46
  45. package/dist/next/client.cjs.map +1 -1
  46. package/dist/next/client.d.cts +7 -4
  47. package/dist/next/client.d.ts +7 -4
  48. package/dist/next/client.js +430 -47
  49. package/dist/next/client.js.map +1 -1
  50. package/dist/next/server.cjs +292 -46
  51. package/dist/next/server.cjs.map +1 -1
  52. package/dist/next/server.d.cts +81 -5
  53. package/dist/next/server.d.ts +81 -5
  54. package/dist/next/server.js +280 -47
  55. package/dist/next/server.js.map +1 -1
  56. package/dist/organization.cjs +72 -0
  57. package/dist/organization.cjs.map +1 -0
  58. package/dist/organization.d.cts +43 -0
  59. package/dist/organization.d.ts +43 -0
  60. package/dist/organization.js +70 -0
  61. package/dist/organization.js.map +1 -0
  62. package/dist/payload-BzVbUgY_.d.cts +219 -0
  63. package/dist/payload-DEOWN_oo.d.ts +219 -0
  64. package/dist/{pipeline-BAwb6Vzm.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
  65. package/dist/{pipeline-B14jVK7J.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
  66. package/dist/react.cjs +2 -10
  67. package/dist/react.cjs.map +1 -1
  68. package/dist/react.d.cts +26 -7
  69. package/dist/react.d.ts +26 -7
  70. package/dist/react.js +2 -10
  71. package/dist/react.js.map +1 -1
  72. package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
  73. package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
  74. package/dist/social-providers.cjs +4189 -0
  75. package/dist/social-providers.cjs.map +1 -0
  76. package/dist/social-providers.d.cts +4948 -0
  77. package/dist/social-providers.d.ts +4948 -0
  78. package/dist/social-providers.js +4117 -0
  79. package/dist/social-providers.js.map +1 -0
  80. package/dist/{types-Cq4-NoB4.d.ts → types-BRP7sfSF.d.ts} +50 -2
  81. package/dist/{types-Dr849HD6.d.cts → types-BU8uJH_b.d.cts} +50 -2
  82. package/dist/{types-CwJCPpLD.d.ts → types-CH78O90i.d.cts} +2 -2
  83. package/dist/{types-CwJCPpLD.d.cts → types-CH78O90i.d.ts} +2 -2
  84. package/dist/{types-DMOoYnPS.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
  85. package/dist/{types-BcVmPBP-.d.ts → types-DPgejxYC.d.ts} +3 -3
  86. package/dist/types-eAKAh71s.d.cts +1476 -0
  87. package/dist/types-eAKAh71s.d.ts +1476 -0
  88. package/dist/utils.cjs +438 -12
  89. package/dist/utils.cjs.map +1 -1
  90. package/dist/utils.d.cts +76 -11
  91. package/dist/utils.d.ts +76 -11
  92. package/dist/utils.js +390 -13
  93. package/dist/utils.js.map +1 -1
  94. package/package.json +49 -22
  95. package/dist/shared-0Kdc74lu.d.ts +0 -35
  96. package/dist/shared-C0wVICRv.d.cts +0 -35
package/dist/utils.cjs CHANGED
@@ -70,6 +70,13 @@ function readTrimmedString(value) {
70
70
  const trimmed = value.trim();
71
71
  return trimmed.length > 0 ? trimmed : null;
72
72
  }
73
+ function asNonEmptyString(value) {
74
+ if (typeof value !== "string") {
75
+ return void 0;
76
+ }
77
+ const normalized = value.trim();
78
+ return normalized.length > 0 ? normalized : void 0;
79
+ }
73
80
  function asNumber(value) {
74
81
  if (typeof value === "number" && Number.isFinite(value)) return value;
75
82
  if (typeof value === "string" && value.trim().length > 0) {
@@ -96,6 +103,46 @@ function parseBooleanFlag(rawValue, fallback) {
96
103
  return fallback;
97
104
  }
98
105
 
106
+ // src/utils/require-env.ts
107
+ function requireEnv(names, env) {
108
+ if (!names.length) {
109
+ throw new Error(
110
+ "requireEnv() requires at least one environment variable name."
111
+ );
112
+ }
113
+ const source = env ?? readProcessEnv();
114
+ for (const name of names) {
115
+ const value = source[name]?.trim();
116
+ if (value) {
117
+ return value;
118
+ }
119
+ }
120
+ throw new Error(
121
+ `Missing required environment variable. Expected one of: ${names.join(", ")}`
122
+ );
123
+ }
124
+ function readEnv(names, env) {
125
+ if (!names.length) {
126
+ return void 0;
127
+ }
128
+ const source = env ?? readProcessEnv();
129
+ for (const name of names) {
130
+ const value = source[name]?.trim();
131
+ if (value) {
132
+ return value;
133
+ }
134
+ }
135
+ return void 0;
136
+ }
137
+ function readProcessEnv() {
138
+ try {
139
+ const processEnv = globalThis.process?.env;
140
+ return processEnv ?? {};
141
+ } catch {
142
+ return {};
143
+ }
144
+ }
145
+
99
146
  // src/utils/hostname.ts
100
147
  var LOCAL_IPV4_PATTERN = /^127(?:\.\d{1,3}){3}$/;
101
148
  function isLocalHostname(hostname) {
@@ -112,13 +159,41 @@ function isLocalHostname(hostname) {
112
159
  return false;
113
160
  }
114
161
 
162
+ // src/utils/request-origin.ts
163
+ function isDynamicServerUsageError(error) {
164
+ if (!error || typeof error !== "object") {
165
+ return false;
166
+ }
167
+ const err = error;
168
+ if (err.digest === "DYNAMIC_SERVER_USAGE") {
169
+ return true;
170
+ }
171
+ return typeof err.message === "string" && err.message.includes("Dynamic server usage:");
172
+ }
173
+ function getOriginFromHeaders(headersList, options = {}) {
174
+ const origin = headersList.get("origin")?.trim();
175
+ if (origin) {
176
+ return origin;
177
+ }
178
+ const hostRaw = headersList.get("x-forwarded-host") ?? headersList.get("host");
179
+ const host = hostRaw?.split(",")[0]?.trim();
180
+ if (!host) {
181
+ return null;
182
+ }
183
+ const protoRaw = headersList.get("x-forwarded-proto");
184
+ const protoFirst = protoRaw?.split(",")[0]?.trim().toLowerCase();
185
+ const proto = protoFirst === "http" || protoFirst === "https" ? protoFirst : options.preferHttpWhenMissingProto ? "http" : "https";
186
+ return `${proto}://${host}`;
187
+ }
188
+
115
189
  // src/utils/auth-cookies.ts
116
- var DEFAULT_AUTH_COOKIE_PREFIXES = [
190
+ var ATHENA_AUTH_COOKIE_PREFIXES = [
117
191
  "athena-auth",
118
192
  "__Secure-athena-auth",
119
193
  "better-auth",
120
194
  "__Secure-better-auth"
121
195
  ];
196
+ var DEFAULT_AUTH_COOKIE_PREFIXES = ATHENA_AUTH_COOKIE_PREFIXES;
122
197
  function extractCookieNames(cookieHeader) {
123
198
  const names = /* @__PURE__ */ new Set();
124
199
  for (const rawCookie of cookieHeader.split(";")) {
@@ -180,9 +255,11 @@ function clearAuthCookies(options = {}) {
180
255
  if (!cookieHeader?.trim()) {
181
256
  return [];
182
257
  }
183
- const prefixes = options.prefixes?.length ? options.prefixes : [...DEFAULT_AUTH_COOKIE_PREFIXES];
258
+ const prefixes = options.prefixes?.length ? options.prefixes : [...ATHENA_AUTH_COOKIE_PREFIXES];
184
259
  const cookieNames = extractCookieNames(cookieHeader);
185
- const namesToClear = cookieNames.filter((name) => prefixes.some((prefix) => name.startsWith(prefix)));
260
+ const namesToClear = cookieNames.filter(
261
+ (name) => prefixes.some((prefix) => name.startsWith(prefix))
262
+ );
186
263
  if (namesToClear.length === 0) {
187
264
  return [];
188
265
  }
@@ -198,6 +275,295 @@ function clearAuthCookies(options = {}) {
198
275
  return namesToClear;
199
276
  }
200
277
 
278
+ // src/cookies/session-cookie-detection.ts
279
+ var SESSION_COOKIE_PATTERNS = [
280
+ /(?:^|;\s*)(?:__Secure-)?better-auth\.session_token=/,
281
+ /(?:^|;\s*)(?:__Secure-)?better-auth-session_token=/,
282
+ /(?:^|;\s*)(?:__Secure-)?athena-auth\.session-token=/,
283
+ /(?:^|;\s*)(?:__Secure-)?athena-auth-session-token=/,
284
+ /(?:^|;\s*)(?:__Secure-)?athena-auth\.session_token=/,
285
+ /(?:^|;\s*)(?:__Secure-)?athena-auth-session_token=/
286
+ ];
287
+ function hasAuthSessionCookie(cookieHeader) {
288
+ if (!cookieHeader) {
289
+ return false;
290
+ }
291
+ return SESSION_COOKIE_PATTERNS.some((pattern) => pattern.test(cookieHeader));
292
+ }
293
+
294
+ // src/utils/athena-auth-url.ts
295
+ var ATHENA_AUTH_PATH = "/api/auth";
296
+ var LOCAL_DEV_ORIGIN = "http://localhost:3000";
297
+ var DEFAULT_ATHENA_AUTH_ORIGIN = "https://auth.athena-auth.com";
298
+ var DEFAULT_ATHENA_AUTH_UPSTREAM_URL = DEFAULT_ATHENA_AUTH_ORIGIN;
299
+ var ATHENA_AUTH_UPSTREAM_ENV_KEYS = [
300
+ "ATHENA_AUTH_UPSTREAM_URL",
301
+ "ATHENA_AUTH_URL",
302
+ "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL",
303
+ "NEXT_PUBLIC_ATHENA_AUTH_URL"
304
+ ];
305
+ var ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES = ATHENA_AUTH_UPSTREAM_ENV_KEYS;
306
+ var LEADING_SLASHES_REGEX = /^\/+/;
307
+ function stripTrailingSlashes(value) {
308
+ return value.replace(/\/+$/g, "");
309
+ }
310
+ function ensureLeadingSlash(value) {
311
+ return value.startsWith("/") ? value : `/${value}`;
312
+ }
313
+ function ensureAthenaAuthPath(pathname) {
314
+ const normalizedPath = stripTrailingSlashes(
315
+ ensureLeadingSlash(pathname.trim())
316
+ );
317
+ if (!normalizedPath || normalizedPath === "/") {
318
+ return ATHENA_AUTH_PATH;
319
+ }
320
+ if (normalizedPath.endsWith(ATHENA_AUTH_PATH)) {
321
+ return normalizedPath;
322
+ }
323
+ return `${normalizedPath}${ATHENA_AUTH_PATH}`;
324
+ }
325
+ function stripAthenaAuthPath(pathname) {
326
+ const normalizedPath = stripTrailingSlashes(
327
+ ensureLeadingSlash(pathname.trim())
328
+ );
329
+ if (!normalizedPath || normalizedPath === "/") {
330
+ return "/";
331
+ }
332
+ if (normalizedPath === ATHENA_AUTH_PATH) {
333
+ return "/";
334
+ }
335
+ if (normalizedPath.endsWith(ATHENA_AUTH_PATH)) {
336
+ const withoutAuthPath = normalizedPath.slice(0, -ATHENA_AUTH_PATH.length);
337
+ return withoutAuthPath ? ensureLeadingSlash(withoutAuthPath) : "/";
338
+ }
339
+ return normalizedPath;
340
+ }
341
+ function readProcessEnv2() {
342
+ try {
343
+ const maybeProcess = globalThis.process;
344
+ return maybeProcess?.env;
345
+ } catch {
346
+ return void 0;
347
+ }
348
+ }
349
+ function getBrowserOrigin() {
350
+ try {
351
+ const origin = globalThis.window?.location?.origin;
352
+ return typeof origin === "string" && origin.length > 0 ? origin : void 0;
353
+ } catch {
354
+ return void 0;
355
+ }
356
+ }
357
+ function isAbsoluteUrl(value) {
358
+ const trimmed = value.trim();
359
+ return trimmed.startsWith("http://") || trimmed.startsWith("https://");
360
+ }
361
+ function readAthenaAuthUpstreamUrlFromEnv(env) {
362
+ for (const key of ATHENA_AUTH_UPSTREAM_ENV_KEYS) {
363
+ const value = env[key]?.trim();
364
+ if (value) {
365
+ return value;
366
+ }
367
+ }
368
+ return void 0;
369
+ }
370
+ function resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl) {
371
+ if (typeof rawUpstreamUrl === "string") {
372
+ const trimmed = rawUpstreamUrl.trim();
373
+ return trimmed || void 0;
374
+ }
375
+ if (rawUpstreamUrl) {
376
+ return readAthenaAuthUpstreamUrlFromEnv(rawUpstreamUrl);
377
+ }
378
+ const processEnv = readProcessEnv2();
379
+ return processEnv ? readAthenaAuthUpstreamUrlFromEnv(processEnv) : void 0;
380
+ }
381
+ function normalizeAthenaAuthBaseUrl(urlOrPath) {
382
+ const trimmed = urlOrPath.trim();
383
+ if (!trimmed) {
384
+ return ATHENA_AUTH_PATH;
385
+ }
386
+ if (isAbsoluteUrl(trimmed)) {
387
+ const url = new URL(trimmed);
388
+ url.pathname = ensureAthenaAuthPath(url.pathname);
389
+ url.search = "";
390
+ url.hash = "";
391
+ return stripTrailingSlashes(url.toString());
392
+ }
393
+ return ensureAthenaAuthPath(trimmed);
394
+ }
395
+ function resolveAthenaAuthUpstreamUrl(rawUpstreamUrl) {
396
+ const configuredUpstream = resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl) || DEFAULT_ATHENA_AUTH_ORIGIN;
397
+ if (isAbsoluteUrl(configuredUpstream)) {
398
+ const upstreamUrl = new URL(configuredUpstream);
399
+ upstreamUrl.pathname = stripAthenaAuthPath(upstreamUrl.pathname);
400
+ upstreamUrl.search = "";
401
+ upstreamUrl.hash = "";
402
+ return stripTrailingSlashes(upstreamUrl.toString());
403
+ }
404
+ const normalizedPath = stripAthenaAuthPath(configuredUpstream);
405
+ return stripTrailingSlashes(
406
+ new URL(normalizedPath, LOCAL_DEV_ORIGIN).toString()
407
+ );
408
+ }
409
+ function resolveBrowserFacingOrigin(rawUpstreamUrl) {
410
+ if (resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl)) {
411
+ return `${resolveAthenaAuthUpstreamUrl(rawUpstreamUrl)}/`;
412
+ }
413
+ const browserOrigin = getBrowserOrigin();
414
+ if (browserOrigin) {
415
+ return `${browserOrigin}/`;
416
+ }
417
+ return `${LOCAL_DEV_ORIGIN}/`;
418
+ }
419
+ function resolvePreservedAthenaAuthBaseUrl(configuredAuthBaseUrl, rawUpstreamUrl) {
420
+ const trimmed = configuredAuthBaseUrl.trim();
421
+ const preservedConfiguredBaseUrl = trimmed || ATHENA_AUTH_PATH;
422
+ if (isAbsoluteUrl(preservedConfiguredBaseUrl)) {
423
+ return stripTrailingSlashes(preservedConfiguredBaseUrl);
424
+ }
425
+ return stripTrailingSlashes(
426
+ new URL(
427
+ ensureLeadingSlash(preservedConfiguredBaseUrl),
428
+ resolveBrowserFacingOrigin(rawUpstreamUrl)
429
+ ).toString()
430
+ );
431
+ }
432
+ function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl, rawUpstreamUrl, options = {}) {
433
+ let baseInput;
434
+ if (typeof configuredAuthBaseUrl === "string") {
435
+ baseInput = configuredAuthBaseUrl;
436
+ } else if (configuredAuthBaseUrl) {
437
+ baseInput = readAthenaAuthUpstreamUrlFromEnv(configuredAuthBaseUrl) ?? ATHENA_AUTH_PATH;
438
+ } else {
439
+ const fromEnv = resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl);
440
+ baseInput = fromEnv ?? ATHENA_AUTH_PATH;
441
+ }
442
+ if (options.appendAuthPath === false) {
443
+ return resolvePreservedAthenaAuthBaseUrl(baseInput, rawUpstreamUrl);
444
+ }
445
+ const normalizedConfiguredBaseUrl = normalizeAthenaAuthBaseUrl(baseInput);
446
+ if (isAbsoluteUrl(normalizedConfiguredBaseUrl)) {
447
+ return normalizedConfiguredBaseUrl;
448
+ }
449
+ const browserOrigin = getBrowserOrigin();
450
+ if (browserOrigin) {
451
+ return stripTrailingSlashes(
452
+ new URL(normalizedConfiguredBaseUrl, browserOrigin).toString()
453
+ );
454
+ }
455
+ if (resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl)) {
456
+ const upstream = resolveAthenaAuthUpstreamUrl(rawUpstreamUrl);
457
+ return stripTrailingSlashes(
458
+ new URL(ATHENA_AUTH_PATH, `${upstream}/`).toString()
459
+ );
460
+ }
461
+ return stripTrailingSlashes(
462
+ new URL(normalizedConfiguredBaseUrl, LOCAL_DEV_ORIGIN).toString()
463
+ );
464
+ }
465
+ function resolveAthenaAuthRequestUrl(path, rawBaseUrl) {
466
+ const normalizedPath = path.replace(LEADING_SLASHES_REGEX, "");
467
+ const base = resolveAthenaAuthClientBaseUrl(rawBaseUrl);
468
+ return new URL(normalizedPath, `${base}/`).toString();
469
+ }
470
+ var ATHENA_AUTH_VERIFY_EMAIL_PATH = "verify-email";
471
+ var ATHENA_AUTH_GET_SESSION_PATH = "get-session";
472
+ var ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = `${ATHENA_AUTH_PATH}/get-session`;
473
+ var AUTH_SESSION_PATH = ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH;
474
+ var ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
475
+ var DISABLE_COOKIE_CACHE_QUERY_PARAM = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM;
476
+ var ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
477
+ var DISABLE_COOKIE_CACHE_QUERY_VALUE = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE;
478
+ var ATHENA_SESSION_DATA_HEADER = "x-session-data";
479
+ var SESSION_DATA_HEADER = ATHENA_SESSION_DATA_HEADER;
480
+ function resolveEmailVerificationCallbackUrl(rawBaseUrl) {
481
+ return resolveAthenaAuthRequestUrl(ATHENA_AUTH_VERIFY_EMAIL_PATH, rawBaseUrl);
482
+ }
483
+ function createFreshSessionLookupUrl(baseUrl) {
484
+ const url = new URL(ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH, baseUrl);
485
+ url.searchParams.set(
486
+ ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM,
487
+ ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE
488
+ );
489
+ return url;
490
+ }
491
+
492
+ // src/utils/auth-routes.ts
493
+ var AUTH_DEFAULT_VIEW = "sign-in";
494
+ var AUTH_TWO_FACTOR_SEGMENT = "two-factor";
495
+ var AUTH_VIEW_BY_SEGMENT = {
496
+ "accept-invitation": "accept-invitation",
497
+ "check-email": "check-email",
498
+ "forget-password": "forgot-password",
499
+ "forgot-password": "forgot-password",
500
+ logout: "logout",
501
+ "reset-email-sent": "reset-email-sent",
502
+ "reset-password": "reset-password",
503
+ "sign-in": "sign-in",
504
+ "sign-up": "sign-up"
505
+ };
506
+ var AUTHENTICATED_REDIRECT_VIEW_SET = /* @__PURE__ */ new Set([
507
+ "sign-in",
508
+ "sign-up",
509
+ "forgot-password"
510
+ ]);
511
+ function resolveAuthViewFromSegment(segment) {
512
+ if (!segment) {
513
+ return AUTH_DEFAULT_VIEW;
514
+ }
515
+ return AUTH_VIEW_BY_SEGMENT[segment] ?? null;
516
+ }
517
+ function shouldRedirectAuthenticatedAuthView(view) {
518
+ return AUTHENTICATED_REDIRECT_VIEW_SET.has(view);
519
+ }
520
+ var AUTH_ROUTES = {
521
+ acceptInvitation: "/auth/accept-invitation",
522
+ appHome: "/",
523
+ checkEmail: "/auth/check-email",
524
+ forgotPassword: "/auth/forgot-password",
525
+ logout: "/auth/logout",
526
+ resetEmailSent: "/auth/reset-email-sent",
527
+ resetPassword: "/auth/reset-password",
528
+ signIn: "/auth/sign-in",
529
+ signUp: "/auth/sign-up",
530
+ socialCallback: "/auth/social-callback"
531
+ };
532
+ function createAuthRoutes(overrides = {}) {
533
+ return {
534
+ ...AUTH_ROUTES,
535
+ ...overrides
536
+ };
537
+ }
538
+ function createAuthModeRedirects(routes = AUTH_ROUTES) {
539
+ return {
540
+ "forgot-password": routes.forgotPassword,
541
+ login: routes.signIn,
542
+ logout: routes.logout,
543
+ "reset-password": routes.resetPassword,
544
+ signup: routes.signUp
545
+ };
546
+ }
547
+ var AUTH_MODE_REDIRECTS = createAuthModeRedirects();
548
+ var AUTH_MODE_SET = new Set(Object.keys(AUTH_MODE_REDIRECTS));
549
+ var AUTHENTICATED_REDIRECT_MODE_SET = /* @__PURE__ */ new Set([
550
+ "login",
551
+ "signup",
552
+ "forgot-password"
553
+ ]);
554
+ function isAuthMode(value) {
555
+ return AUTH_MODE_SET.has(value);
556
+ }
557
+ function shouldRedirectAuthenticatedAuthMode(mode) {
558
+ return AUTHENTICATED_REDIRECT_MODE_SET.has(mode);
559
+ }
560
+ function resolveAuthModeRedirect(mode, redirects = AUTH_MODE_REDIRECTS) {
561
+ if (!mode || !isAuthMode(mode)) {
562
+ return null;
563
+ }
564
+ return redirects[mode];
565
+ }
566
+
201
567
  // src/utils/proxy-request-headers.ts
202
568
  function proxyRequestHeaders(request) {
203
569
  const headers = new Headers(request.headers);
@@ -251,7 +617,7 @@ var getSessionCookie = (request, config) => {
251
617
 
252
618
  // src/utils/athena-request-headers.ts
253
619
  var NO_CACHE_HEADER_VALUE = "no-cache";
254
- var API_KEY_HEADER_CANDIDATES = ["x-api-key", "apikey"];
620
+ var API_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key", "X-Api-Key", "x-api-key", "apikey"];
255
621
  var ATHENA_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key"];
256
622
  var SESSION_TOKEN_HEADER_CANDIDATES = ["X-Athena-Auth-Session-Token"];
257
623
  var BEARER_MIRROR_HEADER_CANDIDATES = ["X-Athena-Auth-Bearer-Token"];
@@ -353,14 +719,6 @@ function buildServiceRequestHeaders(profile, sdkHeaderValue, config, options, ex
353
719
  });
354
720
  }
355
721
  function applyAthenaApiKeyHeaders(headers, apiKey, athenaKey) {
356
- if (apiKey) {
357
- if (!hasHeaderIgnoreCase(headers, "apikey")) {
358
- headers.apikey = apiKey;
359
- }
360
- if (!hasHeaderIgnoreCase(headers, "x-api-key")) {
361
- headers["x-api-key"] = apiKey;
362
- }
363
- }
364
722
  const resolvedAthenaKey = normalizeHeaderValue(athenaKey) ?? normalizeHeaderValue(apiKey);
365
723
  if (resolvedAthenaKey && !hasHeaderIgnoreCase(headers, "X-Athena-Key")) {
366
724
  headers["X-Athena-Key"] = resolvedAthenaKey;
@@ -420,6 +778,25 @@ function applyAthenaPgUriHeaders(headers, input) {
420
778
  }
421
779
  }
422
780
  }
781
+ function buildAthenaGatewayHeaders(input) {
782
+ const trimmedClientName = input.clientName?.trim();
783
+ const trimmedGatewayKey = input.gatewayKey?.trim();
784
+ const merged = {
785
+ ...trimmedClientName ? {
786
+ "X-Athena-Client": trimmedClientName
787
+ } : {},
788
+ ...trimmedGatewayKey ? {
789
+ "X-Api-Key": trimmedGatewayKey,
790
+ "X-Athena-Key": trimmedGatewayKey
791
+ } : {},
792
+ ...input.headers
793
+ };
794
+ return Object.fromEntries(
795
+ Object.entries(merged).flatMap(
796
+ ([key, value]) => typeof value === "string" && value.trim() ? [[key, value.trim()]] : []
797
+ )
798
+ );
799
+ }
423
800
  function buildAthenaRequestHeaders(input) {
424
801
  const forceNoCache = Boolean(input.forceNoCache);
425
802
  const mergedExtraHeaders = mergeExtraHeaders(input.configHeaders, input.callHeaders);
@@ -527,29 +904,78 @@ function sqlBigInt(value) {
527
904
  return `${BigInt(value).toString()}::bigint`;
528
905
  }
529
906
 
907
+ exports.ATHENA_AUTH_COOKIE_PREFIXES = ATHENA_AUTH_COOKIE_PREFIXES;
908
+ exports.ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM;
909
+ exports.ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE;
910
+ exports.ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH;
911
+ exports.ATHENA_AUTH_GET_SESSION_PATH = ATHENA_AUTH_GET_SESSION_PATH;
912
+ exports.ATHENA_AUTH_PATH = ATHENA_AUTH_PATH;
913
+ exports.ATHENA_AUTH_UPSTREAM_ENV_KEYS = ATHENA_AUTH_UPSTREAM_ENV_KEYS;
914
+ exports.ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES = ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES;
915
+ exports.ATHENA_AUTH_VERIFY_EMAIL_PATH = ATHENA_AUTH_VERIFY_EMAIL_PATH;
916
+ exports.ATHENA_SESSION_DATA_HEADER = ATHENA_SESSION_DATA_HEADER;
917
+ exports.AUTHENTICATED_REDIRECT_MODE_SET = AUTHENTICATED_REDIRECT_MODE_SET;
918
+ exports.AUTHENTICATED_REDIRECT_VIEW_SET = AUTHENTICATED_REDIRECT_VIEW_SET;
919
+ exports.AUTH_DEFAULT_VIEW = AUTH_DEFAULT_VIEW;
920
+ exports.AUTH_MODE_REDIRECTS = AUTH_MODE_REDIRECTS;
921
+ exports.AUTH_MODE_SET = AUTH_MODE_SET;
922
+ exports.AUTH_ROUTES = AUTH_ROUTES;
923
+ exports.AUTH_SESSION_PATH = AUTH_SESSION_PATH;
924
+ exports.AUTH_TWO_FACTOR_SEGMENT = AUTH_TWO_FACTOR_SEGMENT;
925
+ exports.AUTH_VIEW_BY_SEGMENT = AUTH_VIEW_BY_SEGMENT;
926
+ exports.DEFAULT_ATHENA_AUTH_ORIGIN = DEFAULT_ATHENA_AUTH_ORIGIN;
927
+ exports.DEFAULT_ATHENA_AUTH_UPSTREAM_URL = DEFAULT_ATHENA_AUTH_UPSTREAM_URL;
928
+ exports.DEFAULT_AUTH_COOKIE_PREFIXES = DEFAULT_AUTH_COOKIE_PREFIXES;
929
+ exports.DISABLE_COOKIE_CACHE_QUERY_PARAM = DISABLE_COOKIE_CACHE_QUERY_PARAM;
930
+ exports.DISABLE_COOKIE_CACHE_QUERY_VALUE = DISABLE_COOKIE_CACHE_QUERY_VALUE;
931
+ exports.LOCAL_DEV_ORIGIN = LOCAL_DEV_ORIGIN;
932
+ exports.SESSION_COOKIE_PATTERNS = SESSION_COOKIE_PATTERNS;
933
+ exports.SESSION_DATA_HEADER = SESSION_DATA_HEADER;
530
934
  exports.applyAthenaApiKeyHeaders = applyAthenaApiKeyHeaders;
531
935
  exports.applyAthenaAuthContextHeaders = applyAthenaAuthContextHeaders;
532
936
  exports.applyAthenaPgUriHeaders = applyAthenaPgUriHeaders;
533
937
  exports.asBoolean = asBoolean;
534
938
  exports.asBooleanOrNull = asBooleanOrNull;
535
939
  exports.asIdentifier = asIdentifier;
940
+ exports.asNonEmptyString = asNonEmptyString;
536
941
  exports.asNumber = asNumber;
537
942
  exports.asRecord = asRecord;
538
943
  exports.asString = asString;
539
944
  exports.asStringArray = asStringArray;
945
+ exports.buildAthenaGatewayHeaders = buildAthenaGatewayHeaders;
540
946
  exports.buildAthenaRequestHeaders = buildAthenaRequestHeaders;
541
947
  exports.buildServiceRequestHeaders = buildServiceRequestHeaders;
542
948
  exports.clearAuthCookies = clearAuthCookies;
949
+ exports.createAuthModeRedirects = createAuthModeRedirects;
950
+ exports.createAuthRoutes = createAuthRoutes;
951
+ exports.createFreshSessionLookupUrl = createFreshSessionLookupUrl;
543
952
  exports.escapeLikePatternValue = escapeLikePatternValue;
544
953
  exports.firstString = firstString;
954
+ exports.getOriginFromHeaders = getOriginFromHeaders;
955
+ exports.hasAuthSessionCookie = hasAuthSessionCookie;
545
956
  exports.hasHeaderIgnoreCase = hasHeaderIgnoreCase;
957
+ exports.isAbsoluteUrl = isAbsoluteUrl;
958
+ exports.isAuthMode = isAuthMode;
959
+ exports.isDynamicServerUsageError = isDynamicServerUsageError;
546
960
  exports.isLocalHostname = isLocalHostname;
961
+ exports.normalizeAthenaAuthBaseUrl = normalizeAthenaAuthBaseUrl;
547
962
  exports.parseBooleanFlag = parseBooleanFlag;
548
963
  exports.proxyRequestHeaders = proxyRequestHeaders;
549
964
  exports.quoteSqlStringLiteral = quoteSqlStringLiteral;
965
+ exports.readAthenaAuthUpstreamUrlFromEnv = readAthenaAuthUpstreamUrlFromEnv;
966
+ exports.readEnv = readEnv;
550
967
  exports.readTrimmedString = readTrimmedString;
968
+ exports.requireEnv = requireEnv;
969
+ exports.resolveAthenaAuthClientBaseUrl = resolveAthenaAuthClientBaseUrl;
970
+ exports.resolveAthenaAuthRequestUrl = resolveAthenaAuthRequestUrl;
971
+ exports.resolveAthenaAuthUpstreamUrl = resolveAthenaAuthUpstreamUrl;
972
+ exports.resolveAuthModeRedirect = resolveAuthModeRedirect;
973
+ exports.resolveAuthViewFromSegment = resolveAuthViewFromSegment;
974
+ exports.resolveEmailVerificationCallbackUrl = resolveEmailVerificationCallbackUrl;
551
975
  exports.resolveHeaderValue = resolveHeaderValue;
552
976
  exports.resolveRequestHeaderOverrides = resolveRequestHeaderOverrides;
977
+ exports.shouldRedirectAuthenticatedAuthMode = shouldRedirectAuthenticatedAuthMode;
978
+ exports.shouldRedirectAuthenticatedAuthView = shouldRedirectAuthenticatedAuthView;
553
979
  exports.slugify = slugify;
554
980
  exports.sqlBigInt = sqlBigInt;
555
981
  exports.sqlJsonbLiteral = sqlJsonbLiteral;