@xylex-group/athena 2.12.1 → 2.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +1190 -1184
  3. package/bin/athena-js.js +104 -76
  4. package/dist/admin.cjs +45 -0
  5. package/dist/admin.cjs.map +1 -0
  6. package/dist/admin.d.cts +64 -0
  7. package/dist/admin.d.ts +64 -0
  8. package/dist/admin.js +41 -0
  9. package/dist/admin.js.map +1 -0
  10. package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
  11. package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
  12. package/dist/browser.cjs +33 -49
  13. package/dist/browser.cjs.map +1 -1
  14. package/dist/browser.d.cts +12 -10
  15. package/dist/browser.d.ts +12 -10
  16. package/dist/browser.js +33 -49
  17. package/dist/browser.js.map +1 -1
  18. package/dist/cli/index.cjs +150 -51
  19. package/dist/cli/index.cjs.map +1 -1
  20. package/dist/cli/index.d.cts +14 -5
  21. package/dist/cli/index.d.ts +14 -5
  22. package/dist/cli/index.js +150 -52
  23. package/dist/cli/index.js.map +1 -1
  24. package/dist/{client-CMtx5P4D.d.cts → client-BJjUwDSg.d.cts} +109 -1448
  25. package/dist/{client-Dre8H24u.d.ts → client-DVOKSYDI.d.ts} +109 -1448
  26. package/dist/cookies.cjs +18 -0
  27. package/dist/cookies.cjs.map +1 -1
  28. package/dist/cookies.d.cts +2 -1
  29. package/dist/cookies.d.ts +2 -1
  30. package/dist/cookies.js +17 -1
  31. package/dist/cookies.js.map +1 -1
  32. package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
  33. package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
  34. package/dist/index.cjs +101 -49
  35. package/dist/index.cjs.map +1 -1
  36. package/dist/index.d.cts +13 -10
  37. package/dist/index.d.ts +13 -10
  38. package/dist/index.js +101 -50
  39. package/dist/index.js.map +1 -1
  40. package/dist/{model-form-DfTi8-D1.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
  41. package/dist/{model-form-CU0mWrF9.d.ts → model-form-yRg71q3H.d.ts} +2 -2
  42. package/dist/{module-DBGmbIuh.d.ts → module-DBteUIob.d.ts} +12 -9
  43. package/dist/{module-GoijrBXV.d.cts → module-yoX49uQC.d.cts} +12 -9
  44. package/dist/next/client.cjs +452 -49
  45. package/dist/next/client.cjs.map +1 -1
  46. package/dist/next/client.d.cts +7 -4
  47. package/dist/next/client.d.ts +7 -4
  48. package/dist/next/client.js +430 -50
  49. package/dist/next/client.js.map +1 -1
  50. package/dist/next/server.cjs +292 -49
  51. package/dist/next/server.cjs.map +1 -1
  52. package/dist/next/server.d.cts +81 -5
  53. package/dist/next/server.d.ts +81 -5
  54. package/dist/next/server.js +280 -50
  55. package/dist/next/server.js.map +1 -1
  56. package/dist/organization.cjs +72 -0
  57. package/dist/organization.cjs.map +1 -0
  58. package/dist/organization.d.cts +43 -0
  59. package/dist/organization.d.ts +43 -0
  60. package/dist/organization.js +70 -0
  61. package/dist/organization.js.map +1 -0
  62. package/dist/payload-BzVbUgY_.d.cts +219 -0
  63. package/dist/payload-DEOWN_oo.d.ts +219 -0
  64. package/dist/{pipeline-DrjU2vNA.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
  65. package/dist/{pipeline-c7Gdm0qv.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
  66. package/dist/react.cjs +2 -13
  67. package/dist/react.cjs.map +1 -1
  68. package/dist/react.d.cts +26 -7
  69. package/dist/react.d.ts +26 -7
  70. package/dist/react.js +2 -13
  71. package/dist/react.js.map +1 -1
  72. package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
  73. package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
  74. package/dist/social-providers.cjs +4189 -0
  75. package/dist/social-providers.cjs.map +1 -0
  76. package/dist/social-providers.d.cts +4948 -0
  77. package/dist/social-providers.d.ts +4948 -0
  78. package/dist/social-providers.js +4117 -0
  79. package/dist/social-providers.js.map +1 -0
  80. package/dist/{types-Bez4HSbI.d.cts → types-BRP7sfSF.d.ts} +50 -2
  81. package/dist/{types-kPaHUqUa.d.ts → types-BU8uJH_b.d.cts} +50 -2
  82. package/dist/{types-BRUHGXo2.d.ts → types-CH78O90i.d.cts} +2 -2
  83. package/dist/{types-BRUHGXo2.d.cts → types-CH78O90i.d.ts} +2 -2
  84. package/dist/{types-BLizCLd1.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
  85. package/dist/{types-DRRb0Fd0.d.ts → types-DPgejxYC.d.ts} +3 -3
  86. package/dist/types-eAKAh71s.d.cts +1476 -0
  87. package/dist/types-eAKAh71s.d.ts +1476 -0
  88. package/dist/utils.cjs +438 -15
  89. package/dist/utils.cjs.map +1 -1
  90. package/dist/utils.d.cts +76 -11
  91. package/dist/utils.d.ts +76 -11
  92. package/dist/utils.js +390 -16
  93. package/dist/utils.js.map +1 -1
  94. package/package.json +49 -22
  95. package/dist/shared-DZSGAmXs.d.cts +0 -35
  96. package/dist/shared-MMnVBBfy.d.ts +0 -35
package/dist/utils.cjs CHANGED
@@ -70,6 +70,13 @@ function readTrimmedString(value) {
70
70
  const trimmed = value.trim();
71
71
  return trimmed.length > 0 ? trimmed : null;
72
72
  }
73
+ function asNonEmptyString(value) {
74
+ if (typeof value !== "string") {
75
+ return void 0;
76
+ }
77
+ const normalized = value.trim();
78
+ return normalized.length > 0 ? normalized : void 0;
79
+ }
73
80
  function asNumber(value) {
74
81
  if (typeof value === "number" && Number.isFinite(value)) return value;
75
82
  if (typeof value === "string" && value.trim().length > 0) {
@@ -96,6 +103,46 @@ function parseBooleanFlag(rawValue, fallback) {
96
103
  return fallback;
97
104
  }
98
105
 
106
+ // src/utils/require-env.ts
107
+ function requireEnv(names, env) {
108
+ if (!names.length) {
109
+ throw new Error(
110
+ "requireEnv() requires at least one environment variable name."
111
+ );
112
+ }
113
+ const source = env ?? readProcessEnv();
114
+ for (const name of names) {
115
+ const value = source[name]?.trim();
116
+ if (value) {
117
+ return value;
118
+ }
119
+ }
120
+ throw new Error(
121
+ `Missing required environment variable. Expected one of: ${names.join(", ")}`
122
+ );
123
+ }
124
+ function readEnv(names, env) {
125
+ if (!names.length) {
126
+ return void 0;
127
+ }
128
+ const source = env ?? readProcessEnv();
129
+ for (const name of names) {
130
+ const value = source[name]?.trim();
131
+ if (value) {
132
+ return value;
133
+ }
134
+ }
135
+ return void 0;
136
+ }
137
+ function readProcessEnv() {
138
+ try {
139
+ const processEnv = globalThis.process?.env;
140
+ return processEnv ?? {};
141
+ } catch {
142
+ return {};
143
+ }
144
+ }
145
+
99
146
  // src/utils/hostname.ts
100
147
  var LOCAL_IPV4_PATTERN = /^127(?:\.\d{1,3}){3}$/;
101
148
  function isLocalHostname(hostname) {
@@ -112,13 +159,41 @@ function isLocalHostname(hostname) {
112
159
  return false;
113
160
  }
114
161
 
162
+ // src/utils/request-origin.ts
163
+ function isDynamicServerUsageError(error) {
164
+ if (!error || typeof error !== "object") {
165
+ return false;
166
+ }
167
+ const err = error;
168
+ if (err.digest === "DYNAMIC_SERVER_USAGE") {
169
+ return true;
170
+ }
171
+ return typeof err.message === "string" && err.message.includes("Dynamic server usage:");
172
+ }
173
+ function getOriginFromHeaders(headersList, options = {}) {
174
+ const origin = headersList.get("origin")?.trim();
175
+ if (origin) {
176
+ return origin;
177
+ }
178
+ const hostRaw = headersList.get("x-forwarded-host") ?? headersList.get("host");
179
+ const host = hostRaw?.split(",")[0]?.trim();
180
+ if (!host) {
181
+ return null;
182
+ }
183
+ const protoRaw = headersList.get("x-forwarded-proto");
184
+ const protoFirst = protoRaw?.split(",")[0]?.trim().toLowerCase();
185
+ const proto = protoFirst === "http" || protoFirst === "https" ? protoFirst : options.preferHttpWhenMissingProto ? "http" : "https";
186
+ return `${proto}://${host}`;
187
+ }
188
+
115
189
  // src/utils/auth-cookies.ts
116
- var DEFAULT_AUTH_COOKIE_PREFIXES = [
190
+ var ATHENA_AUTH_COOKIE_PREFIXES = [
117
191
  "athena-auth",
118
192
  "__Secure-athena-auth",
119
193
  "better-auth",
120
194
  "__Secure-better-auth"
121
195
  ];
196
+ var DEFAULT_AUTH_COOKIE_PREFIXES = ATHENA_AUTH_COOKIE_PREFIXES;
122
197
  function extractCookieNames(cookieHeader) {
123
198
  const names = /* @__PURE__ */ new Set();
124
199
  for (const rawCookie of cookieHeader.split(";")) {
@@ -180,9 +255,11 @@ function clearAuthCookies(options = {}) {
180
255
  if (!cookieHeader?.trim()) {
181
256
  return [];
182
257
  }
183
- const prefixes = options.prefixes?.length ? options.prefixes : [...DEFAULT_AUTH_COOKIE_PREFIXES];
258
+ const prefixes = options.prefixes?.length ? options.prefixes : [...ATHENA_AUTH_COOKIE_PREFIXES];
184
259
  const cookieNames = extractCookieNames(cookieHeader);
185
- const namesToClear = cookieNames.filter((name) => prefixes.some((prefix) => name.startsWith(prefix)));
260
+ const namesToClear = cookieNames.filter(
261
+ (name) => prefixes.some((prefix) => name.startsWith(prefix))
262
+ );
186
263
  if (namesToClear.length === 0) {
187
264
  return [];
188
265
  }
@@ -198,6 +275,295 @@ function clearAuthCookies(options = {}) {
198
275
  return namesToClear;
199
276
  }
200
277
 
278
+ // src/cookies/session-cookie-detection.ts
279
+ var SESSION_COOKIE_PATTERNS = [
280
+ /(?:^|;\s*)(?:__Secure-)?better-auth\.session_token=/,
281
+ /(?:^|;\s*)(?:__Secure-)?better-auth-session_token=/,
282
+ /(?:^|;\s*)(?:__Secure-)?athena-auth\.session-token=/,
283
+ /(?:^|;\s*)(?:__Secure-)?athena-auth-session-token=/,
284
+ /(?:^|;\s*)(?:__Secure-)?athena-auth\.session_token=/,
285
+ /(?:^|;\s*)(?:__Secure-)?athena-auth-session_token=/
286
+ ];
287
+ function hasAuthSessionCookie(cookieHeader) {
288
+ if (!cookieHeader) {
289
+ return false;
290
+ }
291
+ return SESSION_COOKIE_PATTERNS.some((pattern) => pattern.test(cookieHeader));
292
+ }
293
+
294
+ // src/utils/athena-auth-url.ts
295
+ var ATHENA_AUTH_PATH = "/api/auth";
296
+ var LOCAL_DEV_ORIGIN = "http://localhost:3000";
297
+ var DEFAULT_ATHENA_AUTH_ORIGIN = "https://auth.athena-auth.com";
298
+ var DEFAULT_ATHENA_AUTH_UPSTREAM_URL = DEFAULT_ATHENA_AUTH_ORIGIN;
299
+ var ATHENA_AUTH_UPSTREAM_ENV_KEYS = [
300
+ "ATHENA_AUTH_UPSTREAM_URL",
301
+ "ATHENA_AUTH_URL",
302
+ "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL",
303
+ "NEXT_PUBLIC_ATHENA_AUTH_URL"
304
+ ];
305
+ var ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES = ATHENA_AUTH_UPSTREAM_ENV_KEYS;
306
+ var LEADING_SLASHES_REGEX = /^\/+/;
307
+ function stripTrailingSlashes(value) {
308
+ return value.replace(/\/+$/g, "");
309
+ }
310
+ function ensureLeadingSlash(value) {
311
+ return value.startsWith("/") ? value : `/${value}`;
312
+ }
313
+ function ensureAthenaAuthPath(pathname) {
314
+ const normalizedPath = stripTrailingSlashes(
315
+ ensureLeadingSlash(pathname.trim())
316
+ );
317
+ if (!normalizedPath || normalizedPath === "/") {
318
+ return ATHENA_AUTH_PATH;
319
+ }
320
+ if (normalizedPath.endsWith(ATHENA_AUTH_PATH)) {
321
+ return normalizedPath;
322
+ }
323
+ return `${normalizedPath}${ATHENA_AUTH_PATH}`;
324
+ }
325
+ function stripAthenaAuthPath(pathname) {
326
+ const normalizedPath = stripTrailingSlashes(
327
+ ensureLeadingSlash(pathname.trim())
328
+ );
329
+ if (!normalizedPath || normalizedPath === "/") {
330
+ return "/";
331
+ }
332
+ if (normalizedPath === ATHENA_AUTH_PATH) {
333
+ return "/";
334
+ }
335
+ if (normalizedPath.endsWith(ATHENA_AUTH_PATH)) {
336
+ const withoutAuthPath = normalizedPath.slice(0, -ATHENA_AUTH_PATH.length);
337
+ return withoutAuthPath ? ensureLeadingSlash(withoutAuthPath) : "/";
338
+ }
339
+ return normalizedPath;
340
+ }
341
+ function readProcessEnv2() {
342
+ try {
343
+ const maybeProcess = globalThis.process;
344
+ return maybeProcess?.env;
345
+ } catch {
346
+ return void 0;
347
+ }
348
+ }
349
+ function getBrowserOrigin() {
350
+ try {
351
+ const origin = globalThis.window?.location?.origin;
352
+ return typeof origin === "string" && origin.length > 0 ? origin : void 0;
353
+ } catch {
354
+ return void 0;
355
+ }
356
+ }
357
+ function isAbsoluteUrl(value) {
358
+ const trimmed = value.trim();
359
+ return trimmed.startsWith("http://") || trimmed.startsWith("https://");
360
+ }
361
+ function readAthenaAuthUpstreamUrlFromEnv(env) {
362
+ for (const key of ATHENA_AUTH_UPSTREAM_ENV_KEYS) {
363
+ const value = env[key]?.trim();
364
+ if (value) {
365
+ return value;
366
+ }
367
+ }
368
+ return void 0;
369
+ }
370
+ function resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl) {
371
+ if (typeof rawUpstreamUrl === "string") {
372
+ const trimmed = rawUpstreamUrl.trim();
373
+ return trimmed || void 0;
374
+ }
375
+ if (rawUpstreamUrl) {
376
+ return readAthenaAuthUpstreamUrlFromEnv(rawUpstreamUrl);
377
+ }
378
+ const processEnv = readProcessEnv2();
379
+ return processEnv ? readAthenaAuthUpstreamUrlFromEnv(processEnv) : void 0;
380
+ }
381
+ function normalizeAthenaAuthBaseUrl(urlOrPath) {
382
+ const trimmed = urlOrPath.trim();
383
+ if (!trimmed) {
384
+ return ATHENA_AUTH_PATH;
385
+ }
386
+ if (isAbsoluteUrl(trimmed)) {
387
+ const url = new URL(trimmed);
388
+ url.pathname = ensureAthenaAuthPath(url.pathname);
389
+ url.search = "";
390
+ url.hash = "";
391
+ return stripTrailingSlashes(url.toString());
392
+ }
393
+ return ensureAthenaAuthPath(trimmed);
394
+ }
395
+ function resolveAthenaAuthUpstreamUrl(rawUpstreamUrl) {
396
+ const configuredUpstream = resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl) || DEFAULT_ATHENA_AUTH_ORIGIN;
397
+ if (isAbsoluteUrl(configuredUpstream)) {
398
+ const upstreamUrl = new URL(configuredUpstream);
399
+ upstreamUrl.pathname = stripAthenaAuthPath(upstreamUrl.pathname);
400
+ upstreamUrl.search = "";
401
+ upstreamUrl.hash = "";
402
+ return stripTrailingSlashes(upstreamUrl.toString());
403
+ }
404
+ const normalizedPath = stripAthenaAuthPath(configuredUpstream);
405
+ return stripTrailingSlashes(
406
+ new URL(normalizedPath, LOCAL_DEV_ORIGIN).toString()
407
+ );
408
+ }
409
+ function resolveBrowserFacingOrigin(rawUpstreamUrl) {
410
+ if (resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl)) {
411
+ return `${resolveAthenaAuthUpstreamUrl(rawUpstreamUrl)}/`;
412
+ }
413
+ const browserOrigin = getBrowserOrigin();
414
+ if (browserOrigin) {
415
+ return `${browserOrigin}/`;
416
+ }
417
+ return `${LOCAL_DEV_ORIGIN}/`;
418
+ }
419
+ function resolvePreservedAthenaAuthBaseUrl(configuredAuthBaseUrl, rawUpstreamUrl) {
420
+ const trimmed = configuredAuthBaseUrl.trim();
421
+ const preservedConfiguredBaseUrl = trimmed || ATHENA_AUTH_PATH;
422
+ if (isAbsoluteUrl(preservedConfiguredBaseUrl)) {
423
+ return stripTrailingSlashes(preservedConfiguredBaseUrl);
424
+ }
425
+ return stripTrailingSlashes(
426
+ new URL(
427
+ ensureLeadingSlash(preservedConfiguredBaseUrl),
428
+ resolveBrowserFacingOrigin(rawUpstreamUrl)
429
+ ).toString()
430
+ );
431
+ }
432
+ function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl, rawUpstreamUrl, options = {}) {
433
+ let baseInput;
434
+ if (typeof configuredAuthBaseUrl === "string") {
435
+ baseInput = configuredAuthBaseUrl;
436
+ } else if (configuredAuthBaseUrl) {
437
+ baseInput = readAthenaAuthUpstreamUrlFromEnv(configuredAuthBaseUrl) ?? ATHENA_AUTH_PATH;
438
+ } else {
439
+ const fromEnv = resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl);
440
+ baseInput = fromEnv ?? ATHENA_AUTH_PATH;
441
+ }
442
+ if (options.appendAuthPath === false) {
443
+ return resolvePreservedAthenaAuthBaseUrl(baseInput, rawUpstreamUrl);
444
+ }
445
+ const normalizedConfiguredBaseUrl = normalizeAthenaAuthBaseUrl(baseInput);
446
+ if (isAbsoluteUrl(normalizedConfiguredBaseUrl)) {
447
+ return normalizedConfiguredBaseUrl;
448
+ }
449
+ const browserOrigin = getBrowserOrigin();
450
+ if (browserOrigin) {
451
+ return stripTrailingSlashes(
452
+ new URL(normalizedConfiguredBaseUrl, browserOrigin).toString()
453
+ );
454
+ }
455
+ if (resolveConfiguredAthenaAuthUpstreamUrl(rawUpstreamUrl)) {
456
+ const upstream = resolveAthenaAuthUpstreamUrl(rawUpstreamUrl);
457
+ return stripTrailingSlashes(
458
+ new URL(ATHENA_AUTH_PATH, `${upstream}/`).toString()
459
+ );
460
+ }
461
+ return stripTrailingSlashes(
462
+ new URL(normalizedConfiguredBaseUrl, LOCAL_DEV_ORIGIN).toString()
463
+ );
464
+ }
465
+ function resolveAthenaAuthRequestUrl(path, rawBaseUrl) {
466
+ const normalizedPath = path.replace(LEADING_SLASHES_REGEX, "");
467
+ const base = resolveAthenaAuthClientBaseUrl(rawBaseUrl);
468
+ return new URL(normalizedPath, `${base}/`).toString();
469
+ }
470
+ var ATHENA_AUTH_VERIFY_EMAIL_PATH = "verify-email";
471
+ var ATHENA_AUTH_GET_SESSION_PATH = "get-session";
472
+ var ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = `${ATHENA_AUTH_PATH}/get-session`;
473
+ var AUTH_SESSION_PATH = ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH;
474
+ var ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
475
+ var DISABLE_COOKIE_CACHE_QUERY_PARAM = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM;
476
+ var ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
477
+ var DISABLE_COOKIE_CACHE_QUERY_VALUE = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE;
478
+ var ATHENA_SESSION_DATA_HEADER = "x-session-data";
479
+ var SESSION_DATA_HEADER = ATHENA_SESSION_DATA_HEADER;
480
+ function resolveEmailVerificationCallbackUrl(rawBaseUrl) {
481
+ return resolveAthenaAuthRequestUrl(ATHENA_AUTH_VERIFY_EMAIL_PATH, rawBaseUrl);
482
+ }
483
+ function createFreshSessionLookupUrl(baseUrl) {
484
+ const url = new URL(ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH, baseUrl);
485
+ url.searchParams.set(
486
+ ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM,
487
+ ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE
488
+ );
489
+ return url;
490
+ }
491
+
492
+ // src/utils/auth-routes.ts
493
+ var AUTH_DEFAULT_VIEW = "sign-in";
494
+ var AUTH_TWO_FACTOR_SEGMENT = "two-factor";
495
+ var AUTH_VIEW_BY_SEGMENT = {
496
+ "accept-invitation": "accept-invitation",
497
+ "check-email": "check-email",
498
+ "forget-password": "forgot-password",
499
+ "forgot-password": "forgot-password",
500
+ logout: "logout",
501
+ "reset-email-sent": "reset-email-sent",
502
+ "reset-password": "reset-password",
503
+ "sign-in": "sign-in",
504
+ "sign-up": "sign-up"
505
+ };
506
+ var AUTHENTICATED_REDIRECT_VIEW_SET = /* @__PURE__ */ new Set([
507
+ "sign-in",
508
+ "sign-up",
509
+ "forgot-password"
510
+ ]);
511
+ function resolveAuthViewFromSegment(segment) {
512
+ if (!segment) {
513
+ return AUTH_DEFAULT_VIEW;
514
+ }
515
+ return AUTH_VIEW_BY_SEGMENT[segment] ?? null;
516
+ }
517
+ function shouldRedirectAuthenticatedAuthView(view) {
518
+ return AUTHENTICATED_REDIRECT_VIEW_SET.has(view);
519
+ }
520
+ var AUTH_ROUTES = {
521
+ acceptInvitation: "/auth/accept-invitation",
522
+ appHome: "/",
523
+ checkEmail: "/auth/check-email",
524
+ forgotPassword: "/auth/forgot-password",
525
+ logout: "/auth/logout",
526
+ resetEmailSent: "/auth/reset-email-sent",
527
+ resetPassword: "/auth/reset-password",
528
+ signIn: "/auth/sign-in",
529
+ signUp: "/auth/sign-up",
530
+ socialCallback: "/auth/social-callback"
531
+ };
532
+ function createAuthRoutes(overrides = {}) {
533
+ return {
534
+ ...AUTH_ROUTES,
535
+ ...overrides
536
+ };
537
+ }
538
+ function createAuthModeRedirects(routes = AUTH_ROUTES) {
539
+ return {
540
+ "forgot-password": routes.forgotPassword,
541
+ login: routes.signIn,
542
+ logout: routes.logout,
543
+ "reset-password": routes.resetPassword,
544
+ signup: routes.signUp
545
+ };
546
+ }
547
+ var AUTH_MODE_REDIRECTS = createAuthModeRedirects();
548
+ var AUTH_MODE_SET = new Set(Object.keys(AUTH_MODE_REDIRECTS));
549
+ var AUTHENTICATED_REDIRECT_MODE_SET = /* @__PURE__ */ new Set([
550
+ "login",
551
+ "signup",
552
+ "forgot-password"
553
+ ]);
554
+ function isAuthMode(value) {
555
+ return AUTH_MODE_SET.has(value);
556
+ }
557
+ function shouldRedirectAuthenticatedAuthMode(mode) {
558
+ return AUTHENTICATED_REDIRECT_MODE_SET.has(mode);
559
+ }
560
+ function resolveAuthModeRedirect(mode, redirects = AUTH_MODE_REDIRECTS) {
561
+ if (!mode || !isAuthMode(mode)) {
562
+ return null;
563
+ }
564
+ return redirects[mode];
565
+ }
566
+
201
567
  // src/utils/proxy-request-headers.ts
202
568
  function proxyRequestHeaders(request) {
203
569
  const headers = new Headers(request.headers);
@@ -251,7 +617,7 @@ var getSessionCookie = (request, config) => {
251
617
 
252
618
  // src/utils/athena-request-headers.ts
253
619
  var NO_CACHE_HEADER_VALUE = "no-cache";
254
- var API_KEY_HEADER_CANDIDATES = ["X-Api-Key", "x-api-key", "apikey"];
620
+ var API_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key", "X-Api-Key", "x-api-key", "apikey"];
255
621
  var ATHENA_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key"];
256
622
  var SESSION_TOKEN_HEADER_CANDIDATES = ["X-Athena-Auth-Session-Token"];
257
623
  var BEARER_MIRROR_HEADER_CANDIDATES = ["X-Athena-Auth-Bearer-Token"];
@@ -353,17 +719,6 @@ function buildServiceRequestHeaders(profile, sdkHeaderValue, config, options, ex
353
719
  });
354
720
  }
355
721
  function applyAthenaApiKeyHeaders(headers, apiKey, athenaKey) {
356
- if (apiKey) {
357
- if (!hasHeaderIgnoreCase(headers, "apikey")) {
358
- headers.apikey = apiKey;
359
- }
360
- if (!Object.hasOwn(headers, "x-api-key")) {
361
- headers["x-api-key"] = apiKey;
362
- }
363
- if (!Object.hasOwn(headers, "X-Api-Key")) {
364
- headers["X-Api-Key"] = apiKey;
365
- }
366
- }
367
722
  const resolvedAthenaKey = normalizeHeaderValue(athenaKey) ?? normalizeHeaderValue(apiKey);
368
723
  if (resolvedAthenaKey && !hasHeaderIgnoreCase(headers, "X-Athena-Key")) {
369
724
  headers["X-Athena-Key"] = resolvedAthenaKey;
@@ -423,6 +778,25 @@ function applyAthenaPgUriHeaders(headers, input) {
423
778
  }
424
779
  }
425
780
  }
781
+ function buildAthenaGatewayHeaders(input) {
782
+ const trimmedClientName = input.clientName?.trim();
783
+ const trimmedGatewayKey = input.gatewayKey?.trim();
784
+ const merged = {
785
+ ...trimmedClientName ? {
786
+ "X-Athena-Client": trimmedClientName
787
+ } : {},
788
+ ...trimmedGatewayKey ? {
789
+ "X-Api-Key": trimmedGatewayKey,
790
+ "X-Athena-Key": trimmedGatewayKey
791
+ } : {},
792
+ ...input.headers
793
+ };
794
+ return Object.fromEntries(
795
+ Object.entries(merged).flatMap(
796
+ ([key, value]) => typeof value === "string" && value.trim() ? [[key, value.trim()]] : []
797
+ )
798
+ );
799
+ }
426
800
  function buildAthenaRequestHeaders(input) {
427
801
  const forceNoCache = Boolean(input.forceNoCache);
428
802
  const mergedExtraHeaders = mergeExtraHeaders(input.configHeaders, input.callHeaders);
@@ -530,29 +904,78 @@ function sqlBigInt(value) {
530
904
  return `${BigInt(value).toString()}::bigint`;
531
905
  }
532
906
 
907
+ exports.ATHENA_AUTH_COOKIE_PREFIXES = ATHENA_AUTH_COOKIE_PREFIXES;
908
+ exports.ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM;
909
+ exports.ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE;
910
+ exports.ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH;
911
+ exports.ATHENA_AUTH_GET_SESSION_PATH = ATHENA_AUTH_GET_SESSION_PATH;
912
+ exports.ATHENA_AUTH_PATH = ATHENA_AUTH_PATH;
913
+ exports.ATHENA_AUTH_UPSTREAM_ENV_KEYS = ATHENA_AUTH_UPSTREAM_ENV_KEYS;
914
+ exports.ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES = ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES;
915
+ exports.ATHENA_AUTH_VERIFY_EMAIL_PATH = ATHENA_AUTH_VERIFY_EMAIL_PATH;
916
+ exports.ATHENA_SESSION_DATA_HEADER = ATHENA_SESSION_DATA_HEADER;
917
+ exports.AUTHENTICATED_REDIRECT_MODE_SET = AUTHENTICATED_REDIRECT_MODE_SET;
918
+ exports.AUTHENTICATED_REDIRECT_VIEW_SET = AUTHENTICATED_REDIRECT_VIEW_SET;
919
+ exports.AUTH_DEFAULT_VIEW = AUTH_DEFAULT_VIEW;
920
+ exports.AUTH_MODE_REDIRECTS = AUTH_MODE_REDIRECTS;
921
+ exports.AUTH_MODE_SET = AUTH_MODE_SET;
922
+ exports.AUTH_ROUTES = AUTH_ROUTES;
923
+ exports.AUTH_SESSION_PATH = AUTH_SESSION_PATH;
924
+ exports.AUTH_TWO_FACTOR_SEGMENT = AUTH_TWO_FACTOR_SEGMENT;
925
+ exports.AUTH_VIEW_BY_SEGMENT = AUTH_VIEW_BY_SEGMENT;
926
+ exports.DEFAULT_ATHENA_AUTH_ORIGIN = DEFAULT_ATHENA_AUTH_ORIGIN;
927
+ exports.DEFAULT_ATHENA_AUTH_UPSTREAM_URL = DEFAULT_ATHENA_AUTH_UPSTREAM_URL;
928
+ exports.DEFAULT_AUTH_COOKIE_PREFIXES = DEFAULT_AUTH_COOKIE_PREFIXES;
929
+ exports.DISABLE_COOKIE_CACHE_QUERY_PARAM = DISABLE_COOKIE_CACHE_QUERY_PARAM;
930
+ exports.DISABLE_COOKIE_CACHE_QUERY_VALUE = DISABLE_COOKIE_CACHE_QUERY_VALUE;
931
+ exports.LOCAL_DEV_ORIGIN = LOCAL_DEV_ORIGIN;
932
+ exports.SESSION_COOKIE_PATTERNS = SESSION_COOKIE_PATTERNS;
933
+ exports.SESSION_DATA_HEADER = SESSION_DATA_HEADER;
533
934
  exports.applyAthenaApiKeyHeaders = applyAthenaApiKeyHeaders;
534
935
  exports.applyAthenaAuthContextHeaders = applyAthenaAuthContextHeaders;
535
936
  exports.applyAthenaPgUriHeaders = applyAthenaPgUriHeaders;
536
937
  exports.asBoolean = asBoolean;
537
938
  exports.asBooleanOrNull = asBooleanOrNull;
538
939
  exports.asIdentifier = asIdentifier;
940
+ exports.asNonEmptyString = asNonEmptyString;
539
941
  exports.asNumber = asNumber;
540
942
  exports.asRecord = asRecord;
541
943
  exports.asString = asString;
542
944
  exports.asStringArray = asStringArray;
945
+ exports.buildAthenaGatewayHeaders = buildAthenaGatewayHeaders;
543
946
  exports.buildAthenaRequestHeaders = buildAthenaRequestHeaders;
544
947
  exports.buildServiceRequestHeaders = buildServiceRequestHeaders;
545
948
  exports.clearAuthCookies = clearAuthCookies;
949
+ exports.createAuthModeRedirects = createAuthModeRedirects;
950
+ exports.createAuthRoutes = createAuthRoutes;
951
+ exports.createFreshSessionLookupUrl = createFreshSessionLookupUrl;
546
952
  exports.escapeLikePatternValue = escapeLikePatternValue;
547
953
  exports.firstString = firstString;
954
+ exports.getOriginFromHeaders = getOriginFromHeaders;
955
+ exports.hasAuthSessionCookie = hasAuthSessionCookie;
548
956
  exports.hasHeaderIgnoreCase = hasHeaderIgnoreCase;
957
+ exports.isAbsoluteUrl = isAbsoluteUrl;
958
+ exports.isAuthMode = isAuthMode;
959
+ exports.isDynamicServerUsageError = isDynamicServerUsageError;
549
960
  exports.isLocalHostname = isLocalHostname;
961
+ exports.normalizeAthenaAuthBaseUrl = normalizeAthenaAuthBaseUrl;
550
962
  exports.parseBooleanFlag = parseBooleanFlag;
551
963
  exports.proxyRequestHeaders = proxyRequestHeaders;
552
964
  exports.quoteSqlStringLiteral = quoteSqlStringLiteral;
965
+ exports.readAthenaAuthUpstreamUrlFromEnv = readAthenaAuthUpstreamUrlFromEnv;
966
+ exports.readEnv = readEnv;
553
967
  exports.readTrimmedString = readTrimmedString;
968
+ exports.requireEnv = requireEnv;
969
+ exports.resolveAthenaAuthClientBaseUrl = resolveAthenaAuthClientBaseUrl;
970
+ exports.resolveAthenaAuthRequestUrl = resolveAthenaAuthRequestUrl;
971
+ exports.resolveAthenaAuthUpstreamUrl = resolveAthenaAuthUpstreamUrl;
972
+ exports.resolveAuthModeRedirect = resolveAuthModeRedirect;
973
+ exports.resolveAuthViewFromSegment = resolveAuthViewFromSegment;
974
+ exports.resolveEmailVerificationCallbackUrl = resolveEmailVerificationCallbackUrl;
554
975
  exports.resolveHeaderValue = resolveHeaderValue;
555
976
  exports.resolveRequestHeaderOverrides = resolveRequestHeaderOverrides;
977
+ exports.shouldRedirectAuthenticatedAuthMode = shouldRedirectAuthenticatedAuthMode;
978
+ exports.shouldRedirectAuthenticatedAuthView = shouldRedirectAuthenticatedAuthView;
556
979
  exports.slugify = slugify;
557
980
  exports.sqlBigInt = sqlBigInt;
558
981
  exports.sqlJsonbLiteral = sqlJsonbLiteral;