@xylex-group/athena 2.12.0 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +1190 -1184
- package/bin/athena-js.js +104 -76
- package/dist/admin.cjs +45 -0
- package/dist/admin.cjs.map +1 -0
- package/dist/admin.d.cts +64 -0
- package/dist/admin.d.ts +64 -0
- package/dist/admin.js +41 -0
- package/dist/admin.js.map +1 -0
- package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
- package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
- package/dist/browser.cjs +33 -46
- package/dist/browser.cjs.map +1 -1
- package/dist/browser.d.cts +12 -10
- package/dist/browser.d.ts +12 -10
- package/dist/browser.js +33 -46
- package/dist/browser.js.map +1 -1
- package/dist/cli/index.cjs +150 -48
- package/dist/cli/index.cjs.map +1 -1
- package/dist/cli/index.d.cts +14 -5
- package/dist/cli/index.d.ts +14 -5
- package/dist/cli/index.js +150 -49
- package/dist/cli/index.js.map +1 -1
- package/dist/{client-QUbAs7E8.d.ts → client-BJjUwDSg.d.cts} +109 -1448
- package/dist/{client-C3x75Zgn.d.cts → client-DVOKSYDI.d.ts} +109 -1448
- package/dist/cookies.cjs +18 -0
- package/dist/cookies.cjs.map +1 -1
- package/dist/cookies.d.cts +2 -1
- package/dist/cookies.d.ts +2 -1
- package/dist/cookies.js +17 -1
- package/dist/cookies.js.map +1 -1
- package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
- package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
- package/dist/index.cjs +101 -46
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +13 -10
- package/dist/index.d.ts +13 -10
- package/dist/index.js +101 -47
- package/dist/index.js.map +1 -1
- package/dist/{model-form-CD1uhWSh.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
- package/dist/{model-form-Dm69I-oO.d.ts → model-form-yRg71q3H.d.ts} +2 -2
- package/dist/{module-CW3tWJ10.d.ts → module-DBteUIob.d.ts} +12 -9
- package/dist/{module-Cxcurfes.d.cts → module-yoX49uQC.d.cts} +12 -9
- package/dist/next/client.cjs +452 -46
- package/dist/next/client.cjs.map +1 -1
- package/dist/next/client.d.cts +7 -4
- package/dist/next/client.d.ts +7 -4
- package/dist/next/client.js +430 -47
- package/dist/next/client.js.map +1 -1
- package/dist/next/server.cjs +292 -46
- package/dist/next/server.cjs.map +1 -1
- package/dist/next/server.d.cts +81 -5
- package/dist/next/server.d.ts +81 -5
- package/dist/next/server.js +280 -47
- package/dist/next/server.js.map +1 -1
- package/dist/organization.cjs +72 -0
- package/dist/organization.cjs.map +1 -0
- package/dist/organization.d.cts +43 -0
- package/dist/organization.d.ts +43 -0
- package/dist/organization.js +70 -0
- package/dist/organization.js.map +1 -0
- package/dist/payload-BzVbUgY_.d.cts +219 -0
- package/dist/payload-DEOWN_oo.d.ts +219 -0
- package/dist/{pipeline-BAwb6Vzm.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
- package/dist/{pipeline-B14jVK7J.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
- package/dist/react.cjs +2 -10
- package/dist/react.cjs.map +1 -1
- package/dist/react.d.cts +26 -7
- package/dist/react.d.ts +26 -7
- package/dist/react.js +2 -10
- package/dist/react.js.map +1 -1
- package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
- package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
- package/dist/social-providers.cjs +4189 -0
- package/dist/social-providers.cjs.map +1 -0
- package/dist/social-providers.d.cts +4948 -0
- package/dist/social-providers.d.ts +4948 -0
- package/dist/social-providers.js +4117 -0
- package/dist/social-providers.js.map +1 -0
- package/dist/{types-Cq4-NoB4.d.ts → types-BRP7sfSF.d.ts} +50 -2
- package/dist/{types-Dr849HD6.d.cts → types-BU8uJH_b.d.cts} +50 -2
- package/dist/{types-CwJCPpLD.d.ts → types-CH78O90i.d.cts} +2 -2
- package/dist/{types-CwJCPpLD.d.cts → types-CH78O90i.d.ts} +2 -2
- package/dist/{types-DMOoYnPS.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
- package/dist/{types-BcVmPBP-.d.ts → types-DPgejxYC.d.ts} +3 -3
- package/dist/types-eAKAh71s.d.cts +1476 -0
- package/dist/types-eAKAh71s.d.ts +1476 -0
- package/dist/utils.cjs +438 -12
- package/dist/utils.cjs.map +1 -1
- package/dist/utils.d.cts +76 -11
- package/dist/utils.d.ts +76 -11
- package/dist/utils.js +390 -13
- package/dist/utils.js.map +1 -1
- package/package.json +49 -22
- package/dist/shared-0Kdc74lu.d.ts +0 -35
- package/dist/shared-C0wVICRv.d.cts +0 -35
package/dist/utils.cjs
CHANGED
|
@@ -70,6 +70,13 @@ function readTrimmedString(value) {
|
|
|
70
70
|
const trimmed = value.trim();
|
|
71
71
|
return trimmed.length > 0 ? trimmed : null;
|
|
72
72
|
}
|
|
73
|
+
function asNonEmptyString(value) {
|
|
74
|
+
if (typeof value !== "string") {
|
|
75
|
+
return void 0;
|
|
76
|
+
}
|
|
77
|
+
const normalized = value.trim();
|
|
78
|
+
return normalized.length > 0 ? normalized : void 0;
|
|
79
|
+
}
|
|
73
80
|
function asNumber(value) {
|
|
74
81
|
if (typeof value === "number" && Number.isFinite(value)) return value;
|
|
75
82
|
if (typeof value === "string" && value.trim().length > 0) {
|
|
@@ -96,6 +103,46 @@ function parseBooleanFlag(rawValue, fallback) {
|
|
|
96
103
|
return fallback;
|
|
97
104
|
}
|
|
98
105
|
|
|
106
|
+
// src/utils/require-env.ts
|
|
107
|
+
function requireEnv(names, env) {
|
|
108
|
+
if (!names.length) {
|
|
109
|
+
throw new Error(
|
|
110
|
+
"requireEnv() requires at least one environment variable name."
|
|
111
|
+
);
|
|
112
|
+
}
|
|
113
|
+
const source = env ?? readProcessEnv();
|
|
114
|
+
for (const name of names) {
|
|
115
|
+
const value = source[name]?.trim();
|
|
116
|
+
if (value) {
|
|
117
|
+
return value;
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
throw new Error(
|
|
121
|
+
`Missing required environment variable. Expected one of: ${names.join(", ")}`
|
|
122
|
+
);
|
|
123
|
+
}
|
|
124
|
+
function readEnv(names, env) {
|
|
125
|
+
if (!names.length) {
|
|
126
|
+
return void 0;
|
|
127
|
+
}
|
|
128
|
+
const source = env ?? readProcessEnv();
|
|
129
|
+
for (const name of names) {
|
|
130
|
+
const value = source[name]?.trim();
|
|
131
|
+
if (value) {
|
|
132
|
+
return value;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
return void 0;
|
|
136
|
+
}
|
|
137
|
+
function readProcessEnv() {
|
|
138
|
+
try {
|
|
139
|
+
const processEnv = globalThis.process?.env;
|
|
140
|
+
return processEnv ?? {};
|
|
141
|
+
} catch {
|
|
142
|
+
return {};
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
|
|
99
146
|
// src/utils/hostname.ts
|
|
100
147
|
var LOCAL_IPV4_PATTERN = /^127(?:\.\d{1,3}){3}$/;
|
|
101
148
|
function isLocalHostname(hostname) {
|
|
@@ -112,13 +159,41 @@ function isLocalHostname(hostname) {
|
|
|
112
159
|
return false;
|
|
113
160
|
}
|
|
114
161
|
|
|
162
|
+
// src/utils/request-origin.ts
|
|
163
|
+
function isDynamicServerUsageError(error) {
|
|
164
|
+
if (!error || typeof error !== "object") {
|
|
165
|
+
return false;
|
|
166
|
+
}
|
|
167
|
+
const err = error;
|
|
168
|
+
if (err.digest === "DYNAMIC_SERVER_USAGE") {
|
|
169
|
+
return true;
|
|
170
|
+
}
|
|
171
|
+
return typeof err.message === "string" && err.message.includes("Dynamic server usage:");
|
|
172
|
+
}
|
|
173
|
+
function getOriginFromHeaders(headersList, options = {}) {
|
|
174
|
+
const origin = headersList.get("origin")?.trim();
|
|
175
|
+
if (origin) {
|
|
176
|
+
return origin;
|
|
177
|
+
}
|
|
178
|
+
const hostRaw = headersList.get("x-forwarded-host") ?? headersList.get("host");
|
|
179
|
+
const host = hostRaw?.split(",")[0]?.trim();
|
|
180
|
+
if (!host) {
|
|
181
|
+
return null;
|
|
182
|
+
}
|
|
183
|
+
const protoRaw = headersList.get("x-forwarded-proto");
|
|
184
|
+
const protoFirst = protoRaw?.split(",")[0]?.trim().toLowerCase();
|
|
185
|
+
const proto = protoFirst === "http" || protoFirst === "https" ? protoFirst : options.preferHttpWhenMissingProto ? "http" : "https";
|
|
186
|
+
return `${proto}://${host}`;
|
|
187
|
+
}
|
|
188
|
+
|
|
115
189
|
// src/utils/auth-cookies.ts
|
|
116
|
-
var
|
|
190
|
+
var ATHENA_AUTH_COOKIE_PREFIXES = [
|
|
117
191
|
"athena-auth",
|
|
118
192
|
"__Secure-athena-auth",
|
|
119
193
|
"better-auth",
|
|
120
194
|
"__Secure-better-auth"
|
|
121
195
|
];
|
|
196
|
+
var DEFAULT_AUTH_COOKIE_PREFIXES = ATHENA_AUTH_COOKIE_PREFIXES;
|
|
122
197
|
function extractCookieNames(cookieHeader) {
|
|
123
198
|
const names = /* @__PURE__ */ new Set();
|
|
124
199
|
for (const rawCookie of cookieHeader.split(";")) {
|
|
@@ -180,9 +255,11 @@ function clearAuthCookies(options = {}) {
|
|
|
180
255
|
if (!cookieHeader?.trim()) {
|
|
181
256
|
return [];
|
|
182
257
|
}
|
|
183
|
-
const prefixes = options.prefixes?.length ? options.prefixes : [...
|
|
258
|
+
const prefixes = options.prefixes?.length ? options.prefixes : [...ATHENA_AUTH_COOKIE_PREFIXES];
|
|
184
259
|
const cookieNames = extractCookieNames(cookieHeader);
|
|
185
|
-
const namesToClear = cookieNames.filter(
|
|
260
|
+
const namesToClear = cookieNames.filter(
|
|
261
|
+
(name) => prefixes.some((prefix) => name.startsWith(prefix))
|
|
262
|
+
);
|
|
186
263
|
if (namesToClear.length === 0) {
|
|
187
264
|
return [];
|
|
188
265
|
}
|
|
@@ -198,6 +275,295 @@ function clearAuthCookies(options = {}) {
|
|
|
198
275
|
return namesToClear;
|
|
199
276
|
}
|
|
200
277
|
|
|
278
|
+
// src/cookies/session-cookie-detection.ts
|
|
279
|
+
var SESSION_COOKIE_PATTERNS = [
|
|
280
|
+
/(?:^|;\s*)(?:__Secure-)?better-auth\.session_token=/,
|
|
281
|
+
/(?:^|;\s*)(?:__Secure-)?better-auth-session_token=/,
|
|
282
|
+
/(?:^|;\s*)(?:__Secure-)?athena-auth\.session-token=/,
|
|
283
|
+
/(?:^|;\s*)(?:__Secure-)?athena-auth-session-token=/,
|
|
284
|
+
/(?:^|;\s*)(?:__Secure-)?athena-auth\.session_token=/,
|
|
285
|
+
/(?:^|;\s*)(?:__Secure-)?athena-auth-session_token=/
|
|
286
|
+
];
|
|
287
|
+
function hasAuthSessionCookie(cookieHeader) {
|
|
288
|
+
if (!cookieHeader) {
|
|
289
|
+
return false;
|
|
290
|
+
}
|
|
291
|
+
return SESSION_COOKIE_PATTERNS.some((pattern) => pattern.test(cookieHeader));
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
// src/utils/athena-auth-url.ts
|
|
295
|
+
var ATHENA_AUTH_PATH = "/api/auth";
|
|
296
|
+
var LOCAL_DEV_ORIGIN = "http://localhost:3000";
|
|
297
|
+
var DEFAULT_ATHENA_AUTH_ORIGIN = "https://auth.athena-auth.com";
|
|
298
|
+
var DEFAULT_ATHENA_AUTH_UPSTREAM_URL = DEFAULT_ATHENA_AUTH_ORIGIN;
|
|
299
|
+
var ATHENA_AUTH_UPSTREAM_ENV_KEYS = [
|
|
300
|
+
"ATHENA_AUTH_UPSTREAM_URL",
|
|
301
|
+
"ATHENA_AUTH_URL",
|
|
302
|
+
"NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL",
|
|
303
|
+
"NEXT_PUBLIC_ATHENA_AUTH_URL"
|
|
304
|
+
];
|
|
305
|
+
var ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES = ATHENA_AUTH_UPSTREAM_ENV_KEYS;
|
|
306
|
+
var LEADING_SLASHES_REGEX = /^\/+/;
|
|
307
|
+
function stripTrailingSlashes(value) {
|
|
308
|
+
return value.replace(/\/+$/g, "");
|
|
309
|
+
}
|
|
310
|
+
function ensureLeadingSlash(value) {
|
|
311
|
+
return value.startsWith("/") ? value : `/${value}`;
|
|
312
|
+
}
|
|
313
|
+
function ensureAthenaAuthPath(pathname) {
|
|
314
|
+
const normalizedPath = stripTrailingSlashes(
|
|
315
|
+
ensureLeadingSlash(pathname.trim())
|
|
316
|
+
);
|
|
317
|
+
if (!normalizedPath || normalizedPath === "/") {
|
|
318
|
+
return ATHENA_AUTH_PATH;
|
|
319
|
+
}
|
|
320
|
+
if (normalizedPath.endsWith(ATHENA_AUTH_PATH)) {
|
|
321
|
+
return normalizedPath;
|
|
322
|
+
}
|
|
323
|
+
return `${normalizedPath}${ATHENA_AUTH_PATH}`;
|
|
324
|
+
}
|
|
325
|
+
function stripAthenaAuthPath(pathname) {
|
|
326
|
+
const normalizedPath = stripTrailingSlashes(
|
|
327
|
+
ensureLeadingSlash(pathname.trim())
|
|
328
|
+
);
|
|
329
|
+
if (!normalizedPath || normalizedPath === "/") {
|
|
330
|
+
return "/";
|
|
331
|
+
}
|
|
332
|
+
if (normalizedPath === ATHENA_AUTH_PATH) {
|
|
333
|
+
return "/";
|
|
334
|
+
}
|
|
335
|
+
if (normalizedPath.endsWith(ATHENA_AUTH_PATH)) {
|
|
336
|
+
const withoutAuthPath = normalizedPath.slice(0, -ATHENA_AUTH_PATH.length);
|
|
337
|
+
return withoutAuthPath ? ensureLeadingSlash(withoutAuthPath) : "/";
|
|
338
|
+
}
|
|
339
|
+
return normalizedPath;
|
|
340
|
+
}
|
|
341
|
+
function readProcessEnv2() {
|
|
342
|
+
try {
|
|
343
|
+
const maybeProcess = globalThis.process;
|
|
344
|
+
return maybeProcess?.env;
|
|
345
|
+
} catch {
|
|
346
|
+
return void 0;
|
|
347
|
+
}
|
|
348
|
+
}
|
|
349
|
+
function getBrowserOrigin() {
|
|
350
|
+
try {
|
|
351
|
+
const origin = globalThis.window?.location?.origin;
|
|
352
|
+
return typeof origin === "string" && origin.length > 0 ? origin : void 0;
|
|
353
|
+
} catch {
|
|
354
|
+
return void 0;
|
|
355
|
+
}
|
|
356
|
+
}
|
|
357
|
+
function isAbsoluteUrl(value) {
|
|
358
|
+
const trimmed = value.trim();
|
|
359
|
+
return trimmed.startsWith("http://") || trimmed.startsWith("https://");
|
|
360
|
+
}
|
|
361
|
+
function readAthenaAuthUpstreamUrlFromEnv(env) {
|
|
362
|
+
for (const key of ATHENA_AUTH_UPSTREAM_ENV_KEYS) {
|
|
363
|
+
const value = env[key]?.trim();
|
|
364
|
+
if (value) {
|
|
365
|
+
return value;
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
return void 0;
|
|
369
|
+
}
|
|
370
|
+
function resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl) {
|
|
371
|
+
if (typeof rawUpstreamUrl === "string") {
|
|
372
|
+
const trimmed = rawUpstreamUrl.trim();
|
|
373
|
+
return trimmed || void 0;
|
|
374
|
+
}
|
|
375
|
+
if (rawUpstreamUrl) {
|
|
376
|
+
return readAthenaAuthUpstreamUrlFromEnv(rawUpstreamUrl);
|
|
377
|
+
}
|
|
378
|
+
const processEnv = readProcessEnv2();
|
|
379
|
+
return processEnv ? readAthenaAuthUpstreamUrlFromEnv(processEnv) : void 0;
|
|
380
|
+
}
|
|
381
|
+
function normalizeAthenaAuthBaseUrl(urlOrPath) {
|
|
382
|
+
const trimmed = urlOrPath.trim();
|
|
383
|
+
if (!trimmed) {
|
|
384
|
+
return ATHENA_AUTH_PATH;
|
|
385
|
+
}
|
|
386
|
+
if (isAbsoluteUrl(trimmed)) {
|
|
387
|
+
const url = new URL(trimmed);
|
|
388
|
+
url.pathname = ensureAthenaAuthPath(url.pathname);
|
|
389
|
+
url.search = "";
|
|
390
|
+
url.hash = "";
|
|
391
|
+
return stripTrailingSlashes(url.toString());
|
|
392
|
+
}
|
|
393
|
+
return ensureAthenaAuthPath(trimmed);
|
|
394
|
+
}
|
|
395
|
+
function resolveAthenaAuthUpstreamUrl(rawUpstreamUrl) {
|
|
396
|
+
const configuredUpstream = resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl) || DEFAULT_ATHENA_AUTH_ORIGIN;
|
|
397
|
+
if (isAbsoluteUrl(configuredUpstream)) {
|
|
398
|
+
const upstreamUrl = new URL(configuredUpstream);
|
|
399
|
+
upstreamUrl.pathname = stripAthenaAuthPath(upstreamUrl.pathname);
|
|
400
|
+
upstreamUrl.search = "";
|
|
401
|
+
upstreamUrl.hash = "";
|
|
402
|
+
return stripTrailingSlashes(upstreamUrl.toString());
|
|
403
|
+
}
|
|
404
|
+
const normalizedPath = stripAthenaAuthPath(configuredUpstream);
|
|
405
|
+
return stripTrailingSlashes(
|
|
406
|
+
new URL(normalizedPath, LOCAL_DEV_ORIGIN).toString()
|
|
407
|
+
);
|
|
408
|
+
}
|
|
409
|
+
function resolveBrowserFacingOrigin(rawUpstreamUrl) {
|
|
410
|
+
if (resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl)) {
|
|
411
|
+
return `${resolveAthenaAuthUpstreamUrl(rawUpstreamUrl)}/`;
|
|
412
|
+
}
|
|
413
|
+
const browserOrigin = getBrowserOrigin();
|
|
414
|
+
if (browserOrigin) {
|
|
415
|
+
return `${browserOrigin}/`;
|
|
416
|
+
}
|
|
417
|
+
return `${LOCAL_DEV_ORIGIN}/`;
|
|
418
|
+
}
|
|
419
|
+
function resolvePreservedAthenaAuthBaseUrl(configuredAuthBaseUrl, rawUpstreamUrl) {
|
|
420
|
+
const trimmed = configuredAuthBaseUrl.trim();
|
|
421
|
+
const preservedConfiguredBaseUrl = trimmed || ATHENA_AUTH_PATH;
|
|
422
|
+
if (isAbsoluteUrl(preservedConfiguredBaseUrl)) {
|
|
423
|
+
return stripTrailingSlashes(preservedConfiguredBaseUrl);
|
|
424
|
+
}
|
|
425
|
+
return stripTrailingSlashes(
|
|
426
|
+
new URL(
|
|
427
|
+
ensureLeadingSlash(preservedConfiguredBaseUrl),
|
|
428
|
+
resolveBrowserFacingOrigin(rawUpstreamUrl)
|
|
429
|
+
).toString()
|
|
430
|
+
);
|
|
431
|
+
}
|
|
432
|
+
function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl, rawUpstreamUrl, options = {}) {
|
|
433
|
+
let baseInput;
|
|
434
|
+
if (typeof configuredAuthBaseUrl === "string") {
|
|
435
|
+
baseInput = configuredAuthBaseUrl;
|
|
436
|
+
} else if (configuredAuthBaseUrl) {
|
|
437
|
+
baseInput = readAthenaAuthUpstreamUrlFromEnv(configuredAuthBaseUrl) ?? ATHENA_AUTH_PATH;
|
|
438
|
+
} else {
|
|
439
|
+
const fromEnv = resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl);
|
|
440
|
+
baseInput = fromEnv ?? ATHENA_AUTH_PATH;
|
|
441
|
+
}
|
|
442
|
+
if (options.appendAuthPath === false) {
|
|
443
|
+
return resolvePreservedAthenaAuthBaseUrl(baseInput, rawUpstreamUrl);
|
|
444
|
+
}
|
|
445
|
+
const normalizedConfiguredBaseUrl = normalizeAthenaAuthBaseUrl(baseInput);
|
|
446
|
+
if (isAbsoluteUrl(normalizedConfiguredBaseUrl)) {
|
|
447
|
+
return normalizedConfiguredBaseUrl;
|
|
448
|
+
}
|
|
449
|
+
const browserOrigin = getBrowserOrigin();
|
|
450
|
+
if (browserOrigin) {
|
|
451
|
+
return stripTrailingSlashes(
|
|
452
|
+
new URL(normalizedConfiguredBaseUrl, browserOrigin).toString()
|
|
453
|
+
);
|
|
454
|
+
}
|
|
455
|
+
if (resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl)) {
|
|
456
|
+
const upstream = resolveAthenaAuthUpstreamUrl(rawUpstreamUrl);
|
|
457
|
+
return stripTrailingSlashes(
|
|
458
|
+
new URL(ATHENA_AUTH_PATH, `${upstream}/`).toString()
|
|
459
|
+
);
|
|
460
|
+
}
|
|
461
|
+
return stripTrailingSlashes(
|
|
462
|
+
new URL(normalizedConfiguredBaseUrl, LOCAL_DEV_ORIGIN).toString()
|
|
463
|
+
);
|
|
464
|
+
}
|
|
465
|
+
function resolveAthenaAuthRequestUrl(path, rawBaseUrl) {
|
|
466
|
+
const normalizedPath = path.replace(LEADING_SLASHES_REGEX, "");
|
|
467
|
+
const base = resolveAthenaAuthClientBaseUrl(rawBaseUrl);
|
|
468
|
+
return new URL(normalizedPath, `${base}/`).toString();
|
|
469
|
+
}
|
|
470
|
+
var ATHENA_AUTH_VERIFY_EMAIL_PATH = "verify-email";
|
|
471
|
+
var ATHENA_AUTH_GET_SESSION_PATH = "get-session";
|
|
472
|
+
var ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = `${ATHENA_AUTH_PATH}/get-session`;
|
|
473
|
+
var AUTH_SESSION_PATH = ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH;
|
|
474
|
+
var ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
|
|
475
|
+
var DISABLE_COOKIE_CACHE_QUERY_PARAM = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM;
|
|
476
|
+
var ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
|
|
477
|
+
var DISABLE_COOKIE_CACHE_QUERY_VALUE = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE;
|
|
478
|
+
var ATHENA_SESSION_DATA_HEADER = "x-session-data";
|
|
479
|
+
var SESSION_DATA_HEADER = ATHENA_SESSION_DATA_HEADER;
|
|
480
|
+
function resolveEmailVerificationCallbackUrl(rawBaseUrl) {
|
|
481
|
+
return resolveAthenaAuthRequestUrl(ATHENA_AUTH_VERIFY_EMAIL_PATH, rawBaseUrl);
|
|
482
|
+
}
|
|
483
|
+
function createFreshSessionLookupUrl(baseUrl) {
|
|
484
|
+
const url = new URL(ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH, baseUrl);
|
|
485
|
+
url.searchParams.set(
|
|
486
|
+
ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM,
|
|
487
|
+
ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE
|
|
488
|
+
);
|
|
489
|
+
return url;
|
|
490
|
+
}
|
|
491
|
+
|
|
492
|
+
// src/utils/auth-routes.ts
|
|
493
|
+
var AUTH_DEFAULT_VIEW = "sign-in";
|
|
494
|
+
var AUTH_TWO_FACTOR_SEGMENT = "two-factor";
|
|
495
|
+
var AUTH_VIEW_BY_SEGMENT = {
|
|
496
|
+
"accept-invitation": "accept-invitation",
|
|
497
|
+
"check-email": "check-email",
|
|
498
|
+
"forget-password": "forgot-password",
|
|
499
|
+
"forgot-password": "forgot-password",
|
|
500
|
+
logout: "logout",
|
|
501
|
+
"reset-email-sent": "reset-email-sent",
|
|
502
|
+
"reset-password": "reset-password",
|
|
503
|
+
"sign-in": "sign-in",
|
|
504
|
+
"sign-up": "sign-up"
|
|
505
|
+
};
|
|
506
|
+
var AUTHENTICATED_REDIRECT_VIEW_SET = /* @__PURE__ */ new Set([
|
|
507
|
+
"sign-in",
|
|
508
|
+
"sign-up",
|
|
509
|
+
"forgot-password"
|
|
510
|
+
]);
|
|
511
|
+
function resolveAuthViewFromSegment(segment) {
|
|
512
|
+
if (!segment) {
|
|
513
|
+
return AUTH_DEFAULT_VIEW;
|
|
514
|
+
}
|
|
515
|
+
return AUTH_VIEW_BY_SEGMENT[segment] ?? null;
|
|
516
|
+
}
|
|
517
|
+
function shouldRedirectAuthenticatedAuthView(view) {
|
|
518
|
+
return AUTHENTICATED_REDIRECT_VIEW_SET.has(view);
|
|
519
|
+
}
|
|
520
|
+
var AUTH_ROUTES = {
|
|
521
|
+
acceptInvitation: "/auth/accept-invitation",
|
|
522
|
+
appHome: "/",
|
|
523
|
+
checkEmail: "/auth/check-email",
|
|
524
|
+
forgotPassword: "/auth/forgot-password",
|
|
525
|
+
logout: "/auth/logout",
|
|
526
|
+
resetEmailSent: "/auth/reset-email-sent",
|
|
527
|
+
resetPassword: "/auth/reset-password",
|
|
528
|
+
signIn: "/auth/sign-in",
|
|
529
|
+
signUp: "/auth/sign-up",
|
|
530
|
+
socialCallback: "/auth/social-callback"
|
|
531
|
+
};
|
|
532
|
+
function createAuthRoutes(overrides = {}) {
|
|
533
|
+
return {
|
|
534
|
+
...AUTH_ROUTES,
|
|
535
|
+
...overrides
|
|
536
|
+
};
|
|
537
|
+
}
|
|
538
|
+
function createAuthModeRedirects(routes = AUTH_ROUTES) {
|
|
539
|
+
return {
|
|
540
|
+
"forgot-password": routes.forgotPassword,
|
|
541
|
+
login: routes.signIn,
|
|
542
|
+
logout: routes.logout,
|
|
543
|
+
"reset-password": routes.resetPassword,
|
|
544
|
+
signup: routes.signUp
|
|
545
|
+
};
|
|
546
|
+
}
|
|
547
|
+
var AUTH_MODE_REDIRECTS = createAuthModeRedirects();
|
|
548
|
+
var AUTH_MODE_SET = new Set(Object.keys(AUTH_MODE_REDIRECTS));
|
|
549
|
+
var AUTHENTICATED_REDIRECT_MODE_SET = /* @__PURE__ */ new Set([
|
|
550
|
+
"login",
|
|
551
|
+
"signup",
|
|
552
|
+
"forgot-password"
|
|
553
|
+
]);
|
|
554
|
+
function isAuthMode(value) {
|
|
555
|
+
return AUTH_MODE_SET.has(value);
|
|
556
|
+
}
|
|
557
|
+
function shouldRedirectAuthenticatedAuthMode(mode) {
|
|
558
|
+
return AUTHENTICATED_REDIRECT_MODE_SET.has(mode);
|
|
559
|
+
}
|
|
560
|
+
function resolveAuthModeRedirect(mode, redirects = AUTH_MODE_REDIRECTS) {
|
|
561
|
+
if (!mode || !isAuthMode(mode)) {
|
|
562
|
+
return null;
|
|
563
|
+
}
|
|
564
|
+
return redirects[mode];
|
|
565
|
+
}
|
|
566
|
+
|
|
201
567
|
// src/utils/proxy-request-headers.ts
|
|
202
568
|
function proxyRequestHeaders(request) {
|
|
203
569
|
const headers = new Headers(request.headers);
|
|
@@ -251,7 +617,7 @@ var getSessionCookie = (request, config) => {
|
|
|
251
617
|
|
|
252
618
|
// src/utils/athena-request-headers.ts
|
|
253
619
|
var NO_CACHE_HEADER_VALUE = "no-cache";
|
|
254
|
-
var API_KEY_HEADER_CANDIDATES = ["x-api-key", "apikey"];
|
|
620
|
+
var API_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key", "X-Api-Key", "x-api-key", "apikey"];
|
|
255
621
|
var ATHENA_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key"];
|
|
256
622
|
var SESSION_TOKEN_HEADER_CANDIDATES = ["X-Athena-Auth-Session-Token"];
|
|
257
623
|
var BEARER_MIRROR_HEADER_CANDIDATES = ["X-Athena-Auth-Bearer-Token"];
|
|
@@ -353,14 +719,6 @@ function buildServiceRequestHeaders(profile, sdkHeaderValue, config, options, ex
|
|
|
353
719
|
});
|
|
354
720
|
}
|
|
355
721
|
function applyAthenaApiKeyHeaders(headers, apiKey, athenaKey) {
|
|
356
|
-
if (apiKey) {
|
|
357
|
-
if (!hasHeaderIgnoreCase(headers, "apikey")) {
|
|
358
|
-
headers.apikey = apiKey;
|
|
359
|
-
}
|
|
360
|
-
if (!hasHeaderIgnoreCase(headers, "x-api-key")) {
|
|
361
|
-
headers["x-api-key"] = apiKey;
|
|
362
|
-
}
|
|
363
|
-
}
|
|
364
722
|
const resolvedAthenaKey = normalizeHeaderValue(athenaKey) ?? normalizeHeaderValue(apiKey);
|
|
365
723
|
if (resolvedAthenaKey && !hasHeaderIgnoreCase(headers, "X-Athena-Key")) {
|
|
366
724
|
headers["X-Athena-Key"] = resolvedAthenaKey;
|
|
@@ -420,6 +778,25 @@ function applyAthenaPgUriHeaders(headers, input) {
|
|
|
420
778
|
}
|
|
421
779
|
}
|
|
422
780
|
}
|
|
781
|
+
function buildAthenaGatewayHeaders(input) {
|
|
782
|
+
const trimmedClientName = input.clientName?.trim();
|
|
783
|
+
const trimmedGatewayKey = input.gatewayKey?.trim();
|
|
784
|
+
const merged = {
|
|
785
|
+
...trimmedClientName ? {
|
|
786
|
+
"X-Athena-Client": trimmedClientName
|
|
787
|
+
} : {},
|
|
788
|
+
...trimmedGatewayKey ? {
|
|
789
|
+
"X-Api-Key": trimmedGatewayKey,
|
|
790
|
+
"X-Athena-Key": trimmedGatewayKey
|
|
791
|
+
} : {},
|
|
792
|
+
...input.headers
|
|
793
|
+
};
|
|
794
|
+
return Object.fromEntries(
|
|
795
|
+
Object.entries(merged).flatMap(
|
|
796
|
+
([key, value]) => typeof value === "string" && value.trim() ? [[key, value.trim()]] : []
|
|
797
|
+
)
|
|
798
|
+
);
|
|
799
|
+
}
|
|
423
800
|
function buildAthenaRequestHeaders(input) {
|
|
424
801
|
const forceNoCache = Boolean(input.forceNoCache);
|
|
425
802
|
const mergedExtraHeaders = mergeExtraHeaders(input.configHeaders, input.callHeaders);
|
|
@@ -527,29 +904,78 @@ function sqlBigInt(value) {
|
|
|
527
904
|
return `${BigInt(value).toString()}::bigint`;
|
|
528
905
|
}
|
|
529
906
|
|
|
907
|
+
exports.ATHENA_AUTH_COOKIE_PREFIXES = ATHENA_AUTH_COOKIE_PREFIXES;
|
|
908
|
+
exports.ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM;
|
|
909
|
+
exports.ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE;
|
|
910
|
+
exports.ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH;
|
|
911
|
+
exports.ATHENA_AUTH_GET_SESSION_PATH = ATHENA_AUTH_GET_SESSION_PATH;
|
|
912
|
+
exports.ATHENA_AUTH_PATH = ATHENA_AUTH_PATH;
|
|
913
|
+
exports.ATHENA_AUTH_UPSTREAM_ENV_KEYS = ATHENA_AUTH_UPSTREAM_ENV_KEYS;
|
|
914
|
+
exports.ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES = ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES;
|
|
915
|
+
exports.ATHENA_AUTH_VERIFY_EMAIL_PATH = ATHENA_AUTH_VERIFY_EMAIL_PATH;
|
|
916
|
+
exports.ATHENA_SESSION_DATA_HEADER = ATHENA_SESSION_DATA_HEADER;
|
|
917
|
+
exports.AUTHENTICATED_REDIRECT_MODE_SET = AUTHENTICATED_REDIRECT_MODE_SET;
|
|
918
|
+
exports.AUTHENTICATED_REDIRECT_VIEW_SET = AUTHENTICATED_REDIRECT_VIEW_SET;
|
|
919
|
+
exports.AUTH_DEFAULT_VIEW = AUTH_DEFAULT_VIEW;
|
|
920
|
+
exports.AUTH_MODE_REDIRECTS = AUTH_MODE_REDIRECTS;
|
|
921
|
+
exports.AUTH_MODE_SET = AUTH_MODE_SET;
|
|
922
|
+
exports.AUTH_ROUTES = AUTH_ROUTES;
|
|
923
|
+
exports.AUTH_SESSION_PATH = AUTH_SESSION_PATH;
|
|
924
|
+
exports.AUTH_TWO_FACTOR_SEGMENT = AUTH_TWO_FACTOR_SEGMENT;
|
|
925
|
+
exports.AUTH_VIEW_BY_SEGMENT = AUTH_VIEW_BY_SEGMENT;
|
|
926
|
+
exports.DEFAULT_ATHENA_AUTH_ORIGIN = DEFAULT_ATHENA_AUTH_ORIGIN;
|
|
927
|
+
exports.DEFAULT_ATHENA_AUTH_UPSTREAM_URL = DEFAULT_ATHENA_AUTH_UPSTREAM_URL;
|
|
928
|
+
exports.DEFAULT_AUTH_COOKIE_PREFIXES = DEFAULT_AUTH_COOKIE_PREFIXES;
|
|
929
|
+
exports.DISABLE_COOKIE_CACHE_QUERY_PARAM = DISABLE_COOKIE_CACHE_QUERY_PARAM;
|
|
930
|
+
exports.DISABLE_COOKIE_CACHE_QUERY_VALUE = DISABLE_COOKIE_CACHE_QUERY_VALUE;
|
|
931
|
+
exports.LOCAL_DEV_ORIGIN = LOCAL_DEV_ORIGIN;
|
|
932
|
+
exports.SESSION_COOKIE_PATTERNS = SESSION_COOKIE_PATTERNS;
|
|
933
|
+
exports.SESSION_DATA_HEADER = SESSION_DATA_HEADER;
|
|
530
934
|
exports.applyAthenaApiKeyHeaders = applyAthenaApiKeyHeaders;
|
|
531
935
|
exports.applyAthenaAuthContextHeaders = applyAthenaAuthContextHeaders;
|
|
532
936
|
exports.applyAthenaPgUriHeaders = applyAthenaPgUriHeaders;
|
|
533
937
|
exports.asBoolean = asBoolean;
|
|
534
938
|
exports.asBooleanOrNull = asBooleanOrNull;
|
|
535
939
|
exports.asIdentifier = asIdentifier;
|
|
940
|
+
exports.asNonEmptyString = asNonEmptyString;
|
|
536
941
|
exports.asNumber = asNumber;
|
|
537
942
|
exports.asRecord = asRecord;
|
|
538
943
|
exports.asString = asString;
|
|
539
944
|
exports.asStringArray = asStringArray;
|
|
945
|
+
exports.buildAthenaGatewayHeaders = buildAthenaGatewayHeaders;
|
|
540
946
|
exports.buildAthenaRequestHeaders = buildAthenaRequestHeaders;
|
|
541
947
|
exports.buildServiceRequestHeaders = buildServiceRequestHeaders;
|
|
542
948
|
exports.clearAuthCookies = clearAuthCookies;
|
|
949
|
+
exports.createAuthModeRedirects = createAuthModeRedirects;
|
|
950
|
+
exports.createAuthRoutes = createAuthRoutes;
|
|
951
|
+
exports.createFreshSessionLookupUrl = createFreshSessionLookupUrl;
|
|
543
952
|
exports.escapeLikePatternValue = escapeLikePatternValue;
|
|
544
953
|
exports.firstString = firstString;
|
|
954
|
+
exports.getOriginFromHeaders = getOriginFromHeaders;
|
|
955
|
+
exports.hasAuthSessionCookie = hasAuthSessionCookie;
|
|
545
956
|
exports.hasHeaderIgnoreCase = hasHeaderIgnoreCase;
|
|
957
|
+
exports.isAbsoluteUrl = isAbsoluteUrl;
|
|
958
|
+
exports.isAuthMode = isAuthMode;
|
|
959
|
+
exports.isDynamicServerUsageError = isDynamicServerUsageError;
|
|
546
960
|
exports.isLocalHostname = isLocalHostname;
|
|
961
|
+
exports.normalizeAthenaAuthBaseUrl = normalizeAthenaAuthBaseUrl;
|
|
547
962
|
exports.parseBooleanFlag = parseBooleanFlag;
|
|
548
963
|
exports.proxyRequestHeaders = proxyRequestHeaders;
|
|
549
964
|
exports.quoteSqlStringLiteral = quoteSqlStringLiteral;
|
|
965
|
+
exports.readAthenaAuthUpstreamUrlFromEnv = readAthenaAuthUpstreamUrlFromEnv;
|
|
966
|
+
exports.readEnv = readEnv;
|
|
550
967
|
exports.readTrimmedString = readTrimmedString;
|
|
968
|
+
exports.requireEnv = requireEnv;
|
|
969
|
+
exports.resolveAthenaAuthClientBaseUrl = resolveAthenaAuthClientBaseUrl;
|
|
970
|
+
exports.resolveAthenaAuthRequestUrl = resolveAthenaAuthRequestUrl;
|
|
971
|
+
exports.resolveAthenaAuthUpstreamUrl = resolveAthenaAuthUpstreamUrl;
|
|
972
|
+
exports.resolveAuthModeRedirect = resolveAuthModeRedirect;
|
|
973
|
+
exports.resolveAuthViewFromSegment = resolveAuthViewFromSegment;
|
|
974
|
+
exports.resolveEmailVerificationCallbackUrl = resolveEmailVerificationCallbackUrl;
|
|
551
975
|
exports.resolveHeaderValue = resolveHeaderValue;
|
|
552
976
|
exports.resolveRequestHeaderOverrides = resolveRequestHeaderOverrides;
|
|
977
|
+
exports.shouldRedirectAuthenticatedAuthMode = shouldRedirectAuthenticatedAuthMode;
|
|
978
|
+
exports.shouldRedirectAuthenticatedAuthView = shouldRedirectAuthenticatedAuthView;
|
|
553
979
|
exports.slugify = slugify;
|
|
554
980
|
exports.sqlBigInt = sqlBigInt;
|
|
555
981
|
exports.sqlJsonbLiteral = sqlJsonbLiteral;
|