@xylex-group/athena 2.12.1 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +1190 -1184
- package/bin/athena-js.js +104 -76
- package/dist/admin.cjs +45 -0
- package/dist/admin.cjs.map +1 -0
- package/dist/admin.d.cts +64 -0
- package/dist/admin.d.ts +64 -0
- package/dist/admin.js +41 -0
- package/dist/admin.js.map +1 -0
- package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
- package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
- package/dist/browser.cjs +33 -49
- package/dist/browser.cjs.map +1 -1
- package/dist/browser.d.cts +12 -10
- package/dist/browser.d.ts +12 -10
- package/dist/browser.js +33 -49
- package/dist/browser.js.map +1 -1
- package/dist/cli/index.cjs +150 -51
- package/dist/cli/index.cjs.map +1 -1
- package/dist/cli/index.d.cts +14 -5
- package/dist/cli/index.d.ts +14 -5
- package/dist/cli/index.js +150 -52
- package/dist/cli/index.js.map +1 -1
- package/dist/{client-CMtx5P4D.d.cts → client-BJjUwDSg.d.cts} +109 -1448
- package/dist/{client-Dre8H24u.d.ts → client-DVOKSYDI.d.ts} +109 -1448
- package/dist/cookies.cjs +18 -0
- package/dist/cookies.cjs.map +1 -1
- package/dist/cookies.d.cts +2 -1
- package/dist/cookies.d.ts +2 -1
- package/dist/cookies.js +17 -1
- package/dist/cookies.js.map +1 -1
- package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
- package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
- package/dist/index.cjs +101 -49
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +13 -10
- package/dist/index.d.ts +13 -10
- package/dist/index.js +101 -50
- package/dist/index.js.map +1 -1
- package/dist/{model-form-DfTi8-D1.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
- package/dist/{model-form-CU0mWrF9.d.ts → model-form-yRg71q3H.d.ts} +2 -2
- package/dist/{module-DBGmbIuh.d.ts → module-DBteUIob.d.ts} +12 -9
- package/dist/{module-GoijrBXV.d.cts → module-yoX49uQC.d.cts} +12 -9
- package/dist/next/client.cjs +452 -49
- package/dist/next/client.cjs.map +1 -1
- package/dist/next/client.d.cts +7 -4
- package/dist/next/client.d.ts +7 -4
- package/dist/next/client.js +430 -50
- package/dist/next/client.js.map +1 -1
- package/dist/next/server.cjs +292 -49
- package/dist/next/server.cjs.map +1 -1
- package/dist/next/server.d.cts +81 -5
- package/dist/next/server.d.ts +81 -5
- package/dist/next/server.js +280 -50
- package/dist/next/server.js.map +1 -1
- package/dist/organization.cjs +72 -0
- package/dist/organization.cjs.map +1 -0
- package/dist/organization.d.cts +43 -0
- package/dist/organization.d.ts +43 -0
- package/dist/organization.js +70 -0
- package/dist/organization.js.map +1 -0
- package/dist/payload-BzVbUgY_.d.cts +219 -0
- package/dist/payload-DEOWN_oo.d.ts +219 -0
- package/dist/{pipeline-DrjU2vNA.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
- package/dist/{pipeline-c7Gdm0qv.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
- package/dist/react.cjs +2 -13
- package/dist/react.cjs.map +1 -1
- package/dist/react.d.cts +26 -7
- package/dist/react.d.ts +26 -7
- package/dist/react.js +2 -13
- package/dist/react.js.map +1 -1
- package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
- package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
- package/dist/social-providers.cjs +4189 -0
- package/dist/social-providers.cjs.map +1 -0
- package/dist/social-providers.d.cts +4948 -0
- package/dist/social-providers.d.ts +4948 -0
- package/dist/social-providers.js +4117 -0
- package/dist/social-providers.js.map +1 -0
- package/dist/{types-Bez4HSbI.d.cts → types-BRP7sfSF.d.ts} +50 -2
- package/dist/{types-kPaHUqUa.d.ts → types-BU8uJH_b.d.cts} +50 -2
- package/dist/{types-BRUHGXo2.d.ts → types-CH78O90i.d.cts} +2 -2
- package/dist/{types-BRUHGXo2.d.cts → types-CH78O90i.d.ts} +2 -2
- package/dist/{types-BLizCLd1.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
- package/dist/{types-DRRb0Fd0.d.ts → types-DPgejxYC.d.ts} +3 -3
- package/dist/types-eAKAh71s.d.cts +1476 -0
- package/dist/types-eAKAh71s.d.ts +1476 -0
- package/dist/utils.cjs +438 -15
- package/dist/utils.cjs.map +1 -1
- package/dist/utils.d.cts +76 -11
- package/dist/utils.d.ts +76 -11
- package/dist/utils.js +390 -16
- package/dist/utils.js.map +1 -1
- package/package.json +49 -22
- package/dist/shared-DZSGAmXs.d.cts +0 -35
- package/dist/shared-MMnVBBfy.d.ts +0 -35
|
@@ -0,0 +1,377 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cookie name prefixes treated as Athena Auth / Better Auth session material.
|
|
3
|
+
*
|
|
4
|
+
* Used by {@link clearAuthCookies} when matching `document.cookie` names
|
|
5
|
+
* (including `__Secure-` prefixed variants).
|
|
6
|
+
*
|
|
7
|
+
* | Prefix | Typical cookies |
|
|
8
|
+
* |--------|-----------------|
|
|
9
|
+
* | `athena-auth` | `athena-auth.session_token`, `athena-auth.session-token`, chunked `session_data.*` |
|
|
10
|
+
* | `__Secure-athena-auth` | HTTPS-prefixed Athena cookies |
|
|
11
|
+
* | `better-auth` | Legacy Better Auth session cookies |
|
|
12
|
+
* | `__Secure-better-auth` | HTTPS-prefixed Better Auth cookies |
|
|
13
|
+
*
|
|
14
|
+
* @see {@link clearAuthCookies}
|
|
15
|
+
* @see docs/auth-cookies.md
|
|
16
|
+
*/
|
|
17
|
+
declare const ATHENA_AUTH_COOKIE_PREFIXES: readonly ["athena-auth", "__Secure-athena-auth", "better-auth", "__Secure-better-auth"];
|
|
18
|
+
/** @deprecated Prefer {@link ATHENA_AUTH_COOKIE_PREFIXES}. */
|
|
19
|
+
declare const DEFAULT_AUTH_COOKIE_PREFIXES: readonly ["athena-auth", "__Secure-athena-auth", "better-auth", "__Secure-better-auth"];
|
|
20
|
+
interface ClearAuthCookiesOptions {
|
|
21
|
+
/**
|
|
22
|
+
* Name prefixes to clear. Defaults to {@link ATHENA_AUTH_COOKIE_PREFIXES}.
|
|
23
|
+
*/
|
|
24
|
+
prefixes?: string[];
|
|
25
|
+
/**
|
|
26
|
+
* Hostname used to build domain candidates (host + parent domains).
|
|
27
|
+
* Defaults to `window.location.hostname` when available.
|
|
28
|
+
*/
|
|
29
|
+
hostname?: string;
|
|
30
|
+
/**
|
|
31
|
+
* Cookie path attribute when expiring cookies.
|
|
32
|
+
* @default `/`
|
|
33
|
+
*/
|
|
34
|
+
path?: string;
|
|
35
|
+
/**
|
|
36
|
+
* Override cookie header to scan (tests). Defaults to `document.cookie`.
|
|
37
|
+
*/
|
|
38
|
+
cookieHeader?: string;
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Clears Athena Auth / Better Auth browser cookies by name prefix.
|
|
42
|
+
*
|
|
43
|
+
* Safe to call from server/SSR: returns `[]` when `document` is unavailable.
|
|
44
|
+
* Prefer this over local copies of cookie-clearing loops in app `signOut`
|
|
45
|
+
* helpers.
|
|
46
|
+
*
|
|
47
|
+
* Compared to a minimal `document.cookie = …; path=/` wipe, this helper also:
|
|
48
|
+
* - expires with `Max-Age=0`
|
|
49
|
+
* - tries host + parent domain attributes (for subdomain deployments)
|
|
50
|
+
* - skips domain attributes on localhost / local hostnames
|
|
51
|
+
*
|
|
52
|
+
* For the **app-host bridge** httpOnly cookie written by
|
|
53
|
+
* `createAthenaAuthSessionBridgeHandlers`, also call
|
|
54
|
+
* `clearAthenaAuthSessionOnAppHost()` from `@xylex-group/athena/next/client`
|
|
55
|
+
* (that cookie is not always visible to `document.cookie`).
|
|
56
|
+
*
|
|
57
|
+
* @param options - Optional prefixes, hostname, path, or cookie header override
|
|
58
|
+
* @returns Cookie names that matched and were targeted for deletion
|
|
59
|
+
*
|
|
60
|
+
* @example
|
|
61
|
+
* ```ts
|
|
62
|
+
* import { clearAuthCookies } from "@xylex-group/athena/utils"
|
|
63
|
+
*
|
|
64
|
+
* export async function signOut(options?: { redirect?: boolean }) {
|
|
65
|
+
* try {
|
|
66
|
+
* await authClient.signOut({ fetchOptions: { throw: true } })
|
|
67
|
+
* } catch (error) {
|
|
68
|
+
* console.error("[auth] Sign out failed:", error)
|
|
69
|
+
* } finally {
|
|
70
|
+
* clearAuthCookies()
|
|
71
|
+
* if (options?.redirect !== false && typeof window !== "undefined") {
|
|
72
|
+
* window.location.href = "/sign-in"
|
|
73
|
+
* }
|
|
74
|
+
* }
|
|
75
|
+
* }
|
|
76
|
+
* ```
|
|
77
|
+
*/
|
|
78
|
+
declare function clearAuthCookies(options?: ClearAuthCookiesOptions): string[];
|
|
79
|
+
|
|
80
|
+
/**
|
|
81
|
+
* Shared Athena Auth UI route segments, views, and redirect helpers.
|
|
82
|
+
*
|
|
83
|
+
* Aligned with `@xylex-group/athena-auth-ui` / Auth UI `routes.ts` so apps can
|
|
84
|
+
* import from `@xylex-group/athena/utils` instead of copying route maps.
|
|
85
|
+
*/
|
|
86
|
+
/**
|
|
87
|
+
* Canonical auth screen ids used by UI routing and middleware.
|
|
88
|
+
*
|
|
89
|
+
* Note: the canonical forgot-password view id is `forgot-password`. The URL
|
|
90
|
+
* segment `forget-password` is accepted as a legacy alias and maps to that view.
|
|
91
|
+
*/
|
|
92
|
+
type AuthView = 'sign-in' | 'sign-up' | 'forgot-password' | 'reset-password' | 'reset-email-sent' | 'check-email' | 'accept-invitation' | 'logout';
|
|
93
|
+
/** Default view when no path segment is present. */
|
|
94
|
+
declare const AUTH_DEFAULT_VIEW = "sign-in";
|
|
95
|
+
/** Optional two-factor path segment used by some app routers. */
|
|
96
|
+
declare const AUTH_TWO_FACTOR_SEGMENT = "two-factor";
|
|
97
|
+
/**
|
|
98
|
+
* Map of URL path segments → {@link AuthView}.
|
|
99
|
+
*
|
|
100
|
+
* Includes `forget-password` as a legacy alias for `forgot-password`.
|
|
101
|
+
*/
|
|
102
|
+
declare const AUTH_VIEW_BY_SEGMENT: Readonly<Record<string, AuthView>>;
|
|
103
|
+
/**
|
|
104
|
+
* Views that should bounce **authenticated** users away (e.g. to app home).
|
|
105
|
+
* Reset/check-email/logout stay reachable while signed in.
|
|
106
|
+
*/
|
|
107
|
+
declare const AUTHENTICATED_REDIRECT_VIEW_SET: Set<AuthView>;
|
|
108
|
+
/**
|
|
109
|
+
* Resolve an auth UI view from a single path segment.
|
|
110
|
+
*
|
|
111
|
+
* @param segment - e.g. `"sign-in"` from `/auth/[segment]`; `undefined` → default
|
|
112
|
+
* @returns Canonical {@link AuthView}, or `null` when the segment is unknown
|
|
113
|
+
*
|
|
114
|
+
* @example
|
|
115
|
+
* ```ts
|
|
116
|
+
* resolveAuthViewFromSegment(undefined) // "sign-in"
|
|
117
|
+
* resolveAuthViewFromSegment("forget-password") // "forgot-password"
|
|
118
|
+
* resolveAuthViewFromSegment("unknown") // null
|
|
119
|
+
* ```
|
|
120
|
+
*/
|
|
121
|
+
declare function resolveAuthViewFromSegment(segment: string | undefined): AuthView | null;
|
|
122
|
+
/**
|
|
123
|
+
* Whether an authenticated user should be redirected away from this auth view.
|
|
124
|
+
*
|
|
125
|
+
* @param view - Resolved auth view
|
|
126
|
+
*/
|
|
127
|
+
declare function shouldRedirectAuthenticatedAuthView(view: AuthView): boolean;
|
|
128
|
+
/**
|
|
129
|
+
* Default page routes under `/auth/*` for Next.js (or similar) apps.
|
|
130
|
+
*/
|
|
131
|
+
declare const AUTH_ROUTES: {
|
|
132
|
+
readonly acceptInvitation: "/auth/accept-invitation";
|
|
133
|
+
readonly appHome: "/";
|
|
134
|
+
readonly checkEmail: "/auth/check-email";
|
|
135
|
+
readonly forgotPassword: "/auth/forgot-password";
|
|
136
|
+
readonly logout: "/auth/logout";
|
|
137
|
+
readonly resetEmailSent: "/auth/reset-email-sent";
|
|
138
|
+
readonly resetPassword: "/auth/reset-password";
|
|
139
|
+
readonly signIn: "/auth/sign-in";
|
|
140
|
+
readonly signUp: "/auth/sign-up";
|
|
141
|
+
readonly socialCallback: "/auth/social-callback";
|
|
142
|
+
};
|
|
143
|
+
type AuthRoutes = Record<keyof typeof AUTH_ROUTES, string>;
|
|
144
|
+
/**
|
|
145
|
+
* Build an auth route map with optional path overrides.
|
|
146
|
+
*/
|
|
147
|
+
declare function createAuthRoutes(overrides?: Partial<AuthRoutes>): AuthRoutes;
|
|
148
|
+
/**
|
|
149
|
+
* Query/mode → path redirects used by legacy `?mode=` style entrypoints.
|
|
150
|
+
*/
|
|
151
|
+
interface AuthModeRedirects {
|
|
152
|
+
readonly 'forgot-password': string;
|
|
153
|
+
readonly login: string;
|
|
154
|
+
readonly logout: string;
|
|
155
|
+
readonly 'reset-password': string;
|
|
156
|
+
readonly signup: string;
|
|
157
|
+
}
|
|
158
|
+
declare function createAuthModeRedirects(routes?: AuthRoutes): AuthModeRedirects;
|
|
159
|
+
declare const AUTH_MODE_REDIRECTS: AuthModeRedirects;
|
|
160
|
+
type AuthMode = keyof AuthModeRedirects;
|
|
161
|
+
declare const AUTH_MODE_SET: Set<string>;
|
|
162
|
+
declare const AUTHENTICATED_REDIRECT_MODE_SET: Set<keyof AuthModeRedirects>;
|
|
163
|
+
/**
|
|
164
|
+
* Type guard for legacy auth `mode` query values (`login`, `signup`, …).
|
|
165
|
+
*/
|
|
166
|
+
declare function isAuthMode(value: string): value is AuthMode;
|
|
167
|
+
/**
|
|
168
|
+
* Whether an authenticated user should be redirected away from this auth mode.
|
|
169
|
+
*/
|
|
170
|
+
declare function shouldRedirectAuthenticatedAuthMode(mode: AuthMode): boolean;
|
|
171
|
+
/**
|
|
172
|
+
* Resolve a path for a legacy auth mode string.
|
|
173
|
+
*
|
|
174
|
+
* @returns Path from {@link AUTH_MODE_REDIRECTS}, or `null` if unknown
|
|
175
|
+
*/
|
|
176
|
+
declare function resolveAuthModeRedirect(mode: string | undefined, redirects?: AuthModeRedirects): string | null;
|
|
177
|
+
|
|
178
|
+
/**
|
|
179
|
+
* Resolve Athena Auth base / upstream URLs from env or explicit config.
|
|
180
|
+
*
|
|
181
|
+
* Mirrors the Athena Auth UI base-url contract so apps and the SDK share one
|
|
182
|
+
* precedence order for `ATHENA_AUTH_*` environment variables.
|
|
183
|
+
*/
|
|
184
|
+
/** Default browser/proxy path for same-origin auth routing. */
|
|
185
|
+
declare const ATHENA_AUTH_PATH = "/api/auth";
|
|
186
|
+
/** Fallback origin when no absolute upstream is configured (server-side). */
|
|
187
|
+
declare const LOCAL_DEV_ORIGIN = "http://localhost:3000";
|
|
188
|
+
/**
|
|
189
|
+
* Hosted Athena Auth origin used when no upstream override is supplied.
|
|
190
|
+
* Origin only — no `/api/auth` suffix.
|
|
191
|
+
*/
|
|
192
|
+
declare const DEFAULT_ATHENA_AUTH_ORIGIN = "https://auth.athena-auth.com";
|
|
193
|
+
/**
|
|
194
|
+
* @deprecated Prefer {@link DEFAULT_ATHENA_AUTH_ORIGIN}.
|
|
195
|
+
* Kept for callers that used the older name.
|
|
196
|
+
*/
|
|
197
|
+
declare const DEFAULT_ATHENA_AUTH_UPSTREAM_URL = "https://auth.athena-auth.com";
|
|
198
|
+
/**
|
|
199
|
+
* Environment keys checked (in order) for the Athena Auth upstream URL.
|
|
200
|
+
*
|
|
201
|
+
* Prefer server-only keys first so private upstream hosts are not forced to
|
|
202
|
+
* rely on `NEXT_PUBLIC_*` values.
|
|
203
|
+
*/
|
|
204
|
+
declare const ATHENA_AUTH_UPSTREAM_ENV_KEYS: readonly ["ATHENA_AUTH_UPSTREAM_URL", "ATHENA_AUTH_URL", "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL", "NEXT_PUBLIC_ATHENA_AUTH_URL"];
|
|
205
|
+
/**
|
|
206
|
+
* Auth UI naming parity (`base-url.ts`).
|
|
207
|
+
* Same ordered list as {@link ATHENA_AUTH_UPSTREAM_ENV_KEYS}.
|
|
208
|
+
*/
|
|
209
|
+
declare const ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES: readonly ["ATHENA_AUTH_UPSTREAM_URL", "ATHENA_AUTH_URL", "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL", "NEXT_PUBLIC_ATHENA_AUTH_URL"];
|
|
210
|
+
type AthenaAuthUpstreamEnvKey = (typeof ATHENA_AUTH_UPSTREAM_ENV_KEYS)[number];
|
|
211
|
+
/** Loose env map (Node `process.env` or a test fixture). */
|
|
212
|
+
type EnvLike = Record<string, string | undefined>;
|
|
213
|
+
type AthenaAuthUpstreamEnv = Partial<Record<AthenaAuthUpstreamEnvKey, string | undefined>> & EnvLike;
|
|
214
|
+
interface AthenaAuthClientBaseUrlOptions {
|
|
215
|
+
/**
|
|
216
|
+
* When `true` (default), ensure the client base ends with `/api/auth`.
|
|
217
|
+
* Set `false` when the auth server is mounted at a custom path or root.
|
|
218
|
+
*/
|
|
219
|
+
appendAuthPath?: boolean;
|
|
220
|
+
}
|
|
221
|
+
/**
|
|
222
|
+
* Returns `true` when the value is an absolute `http://` or `https://` URL.
|
|
223
|
+
*/
|
|
224
|
+
declare function isAbsoluteUrl(value: string): boolean;
|
|
225
|
+
/**
|
|
226
|
+
* Read the first non-empty Athena Auth upstream URL from an env-like map.
|
|
227
|
+
*
|
|
228
|
+
* @returns Trimmed URL string, or `undefined` when none of the keys are set
|
|
229
|
+
*/
|
|
230
|
+
declare function readAthenaAuthUpstreamUrlFromEnv(env: EnvLike): string | undefined;
|
|
231
|
+
/**
|
|
232
|
+
* Normalize a consumer-supplied auth base URL so it targets `/api/auth`
|
|
233
|
+
* (unless the path already ends with that segment).
|
|
234
|
+
*
|
|
235
|
+
* Absolute URLs keep origin and rewrite pathname; relative paths are ensured
|
|
236
|
+
* to end with `/api/auth`.
|
|
237
|
+
*
|
|
238
|
+
* @example
|
|
239
|
+
* ```ts
|
|
240
|
+
* normalizeAthenaAuthBaseUrl('https://auth.example.com')
|
|
241
|
+
* // => 'https://auth.example.com/api/auth'
|
|
242
|
+
*
|
|
243
|
+
* normalizeAthenaAuthBaseUrl('/api/auth')
|
|
244
|
+
* // => '/api/auth'
|
|
245
|
+
* ```
|
|
246
|
+
*/
|
|
247
|
+
declare function normalizeAthenaAuthBaseUrl(urlOrPath: string): string;
|
|
248
|
+
/**
|
|
249
|
+
* Resolve the **server-side** Athena Auth upstream origin (no `/api/auth` suffix).
|
|
250
|
+
*
|
|
251
|
+
* Used when proxying or calling the auth host directly from Node / edge.
|
|
252
|
+
*
|
|
253
|
+
* @param rawUpstreamUrl - Explicit URL, env map, or omit to read `process.env`
|
|
254
|
+
* @returns Origin like `https://auth.example.com` (no trailing slash)
|
|
255
|
+
*/
|
|
256
|
+
declare function resolveAthenaAuthUpstreamUrl(rawUpstreamUrl?: string | AthenaAuthUpstreamEnv): string;
|
|
257
|
+
/**
|
|
258
|
+
* Resolve the **browser-facing** auth client base URL.
|
|
259
|
+
*
|
|
260
|
+
* Default behavior appends `/api/auth` for same-origin proxying. Pass
|
|
261
|
+
* `{ appendAuthPath: false }` to keep a custom path or root mount.
|
|
262
|
+
*
|
|
263
|
+
* Overloads match common call styles from Athena Auth UI and app code:
|
|
264
|
+
* - `resolveAthenaAuthClientBaseUrl("https://auth.example.com")`
|
|
265
|
+
* - `resolveAthenaAuthClientBaseUrl(process.env)`
|
|
266
|
+
* - `resolveAthenaAuthClientBaseUrl(undefined)` → env + defaults
|
|
267
|
+
* - `resolveAthenaAuthClientBaseUrl(path, upstream, { appendAuthPath: false })`
|
|
268
|
+
*/
|
|
269
|
+
declare function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl?: string | EnvLike, rawUpstreamUrl?: string | AthenaAuthUpstreamEnv, options?: AthenaAuthClientBaseUrlOptions): string;
|
|
270
|
+
declare function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl: string, rawUpstreamUrl?: string | AthenaAuthUpstreamEnv, options?: AthenaAuthClientBaseUrlOptions): string;
|
|
271
|
+
/**
|
|
272
|
+
* Build an absolute Athena Auth request URL for a path under the client base.
|
|
273
|
+
*
|
|
274
|
+
* Resolves at **call time** (reads env when `rawBaseUrl` is omitted) so module
|
|
275
|
+
* load order does not freeze a stale URL.
|
|
276
|
+
*
|
|
277
|
+
* @param path - Path relative to the auth base (leading slashes stripped)
|
|
278
|
+
* @param rawBaseUrl - Optional base string or env map
|
|
279
|
+
*
|
|
280
|
+
* @example
|
|
281
|
+
* ```ts
|
|
282
|
+
* resolveAthenaAuthRequestUrl('get-session', 'https://auth.example.com')
|
|
283
|
+
* // => 'https://auth.example.com/api/auth/get-session'
|
|
284
|
+
* ```
|
|
285
|
+
*/
|
|
286
|
+
declare function resolveAthenaAuthRequestUrl(path: string, rawBaseUrl?: string | EnvLike): string;
|
|
287
|
+
/** Relative auth path for email verification (`GET /verify-email`). */
|
|
288
|
+
declare const ATHENA_AUTH_VERIFY_EMAIL_PATH = "verify-email";
|
|
289
|
+
/**
|
|
290
|
+
* Relative segment for session lookup (`GET /get-session`).
|
|
291
|
+
* Prefer with {@link resolveAthenaAuthRequestUrl} when `base` already ends in `/api/auth`.
|
|
292
|
+
*/
|
|
293
|
+
declare const ATHENA_AUTH_GET_SESSION_PATH = "get-session";
|
|
294
|
+
/**
|
|
295
|
+
* Absolute app/proxy path for session lookup.
|
|
296
|
+
* Use with `new URL(ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH, appOrigin)` when
|
|
297
|
+
* `baseUrl` is the **app origin** (e.g. `https://app.example.com`), not the auth client base.
|
|
298
|
+
*/
|
|
299
|
+
declare const ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = "/api/auth/get-session";
|
|
300
|
+
/**
|
|
301
|
+
* @deprecated Alias of {@link ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH} for drop-in
|
|
302
|
+
* replacement of app-local `AUTH_SESSION_PATH` constants. Prefer the `ATHENA_` name.
|
|
303
|
+
*/
|
|
304
|
+
declare const AUTH_SESSION_PATH = "/api/auth/get-session";
|
|
305
|
+
/**
|
|
306
|
+
* Query param that forces Athena Auth / Better Auth style session handlers to
|
|
307
|
+
* skip cookie cache and re-read the live session cookie.
|
|
308
|
+
*/
|
|
309
|
+
declare const ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
|
|
310
|
+
/**
|
|
311
|
+
* @deprecated Alias of {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM}.
|
|
312
|
+
*/
|
|
313
|
+
declare const DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
|
|
314
|
+
/** Value paired with {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM}. */
|
|
315
|
+
declare const ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
|
|
316
|
+
/**
|
|
317
|
+
* @deprecated Alias of {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE}.
|
|
318
|
+
*/
|
|
319
|
+
declare const DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
|
|
320
|
+
/**
|
|
321
|
+
* Optional request/response header some apps use to pass serialized session
|
|
322
|
+
* payload between edge middleware and the app (not set by the SDK itself).
|
|
323
|
+
*/
|
|
324
|
+
declare const ATHENA_SESSION_DATA_HEADER = "x-session-data";
|
|
325
|
+
/**
|
|
326
|
+
* @deprecated Alias of {@link ATHENA_SESSION_DATA_HEADER}.
|
|
327
|
+
*/
|
|
328
|
+
declare const SESSION_DATA_HEADER = "x-session-data";
|
|
329
|
+
/**
|
|
330
|
+
* Absolute callback URL for email verification.
|
|
331
|
+
*
|
|
332
|
+
* Equivalent to `resolveAthenaAuthRequestUrl("verify-email")` — use this in
|
|
333
|
+
* sign-up / send-verification payloads as `callbackURL` instead of a local
|
|
334
|
+
* wrapper around Auth UI `base-url` helpers.
|
|
335
|
+
*
|
|
336
|
+
* @param rawBaseUrl - Optional base string or env map (defaults to process env)
|
|
337
|
+
* @returns e.g. `https://auth.example.com/api/auth/verify-email`
|
|
338
|
+
*
|
|
339
|
+
* @example
|
|
340
|
+
* ```ts
|
|
341
|
+
* import { resolveEmailVerificationCallbackUrl } from "@xylex-group/athena/utils"
|
|
342
|
+
*
|
|
343
|
+
* await client.auth.signUp.email({
|
|
344
|
+
* email,
|
|
345
|
+
* password,
|
|
346
|
+
* name,
|
|
347
|
+
* callbackURL: resolveEmailVerificationCallbackUrl(),
|
|
348
|
+
* })
|
|
349
|
+
* ```
|
|
350
|
+
*/
|
|
351
|
+
declare function resolveEmailVerificationCallbackUrl(rawBaseUrl?: string | EnvLike): string;
|
|
352
|
+
/**
|
|
353
|
+
* Build a same-origin (or absolute) **fresh** get-session URL.
|
|
354
|
+
*
|
|
355
|
+
* Appends `disableCookieCache=true` so middleware / RSC session probes do not
|
|
356
|
+
* reuse a stale cookie-cache entry.
|
|
357
|
+
*
|
|
358
|
+
* @param baseUrl - App origin (`https://app.example.com`) or any base accepted by
|
|
359
|
+
* the `URL` constructor. Resolves {@link ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH}
|
|
360
|
+
* (`/api/auth/get-session`) against that base.
|
|
361
|
+
* @returns URL such as `https://app.example.com/api/auth/get-session?disableCookieCache=true`
|
|
362
|
+
*
|
|
363
|
+
* @example
|
|
364
|
+
* ```ts
|
|
365
|
+
* import { createFreshSessionLookupUrl } from "@xylex-group/athena/utils"
|
|
366
|
+
*
|
|
367
|
+
* const url = createFreshSessionLookupUrl("https://app.example.com")
|
|
368
|
+
* await fetch(url, { headers: { cookie: requestHeaders.get("cookie") ?? "" } })
|
|
369
|
+
* ```
|
|
370
|
+
*
|
|
371
|
+
* For auth-client base URLs that already include `/api/auth`, prefer:
|
|
372
|
+
* `resolveAthenaAuthRequestUrl("get-session", authBase) + "?disableCookieCache=true"`
|
|
373
|
+
* or pass the **app** origin into this helper when you proxy `/api/auth/*` locally.
|
|
374
|
+
*/
|
|
375
|
+
declare function createFreshSessionLookupUrl(baseUrl: string | URL): URL;
|
|
376
|
+
|
|
377
|
+
export { ATHENA_AUTH_COOKIE_PREFIXES as A, AUTH_SESSION_PATH as B, type ClearAuthCookiesOptions as C, DEFAULT_ATHENA_AUTH_ORIGIN as D, type EnvLike as E, AUTH_TWO_FACTOR_SEGMENT as F, type AthenaAuthClientBaseUrlOptions as G, type AthenaAuthUpstreamEnv as H, type AthenaAuthUpstreamEnvKey as I, type AuthMode as J, type AuthModeRedirects as K, type AuthRoutes as L, DEFAULT_ATHENA_AUTH_UPSTREAM_URL as M, DEFAULT_AUTH_COOKIE_PREFIXES as N, DISABLE_COOKIE_CACHE_QUERY_PARAM as O, DISABLE_COOKIE_CACHE_QUERY_VALUE as P, LOCAL_DEV_ORIGIN as Q, createAuthModeRedirects as R, SESSION_DATA_HEADER as S, createAuthRoutes as T, createFreshSessionLookupUrl as U, isAuthMode as V, readAthenaAuthUpstreamUrlFromEnv as W, resolveAuthModeRedirect as X, shouldRedirectAuthenticatedAuthMode as Y, ATHENA_AUTH_PATH as a, ATHENA_AUTH_UPSTREAM_ENV_KEYS as b, ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES as c, AUTH_DEFAULT_VIEW as d, AUTH_ROUTES as e, AUTH_VIEW_BY_SEGMENT as f, type AuthView as g, clearAuthCookies as h, isAbsoluteUrl as i, resolveAthenaAuthRequestUrl as j, resolveAthenaAuthUpstreamUrl as k, resolveAuthViewFromSegment as l, resolveEmailVerificationCallbackUrl as m, normalizeAthenaAuthBaseUrl as n, ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM as o, ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE as p, ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH as q, resolveAthenaAuthClientBaseUrl as r, shouldRedirectAuthenticatedAuthView as s, ATHENA_AUTH_GET_SESSION_PATH as t, ATHENA_AUTH_VERIFY_EMAIL_PATH as u, ATHENA_SESSION_DATA_HEADER as v, AUTHENTICATED_REDIRECT_MODE_SET as w, AUTHENTICATED_REDIRECT_VIEW_SET as x, AUTH_MODE_REDIRECTS as y, AUTH_MODE_SET as z };
|