@xylex-group/athena 2.12.1 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +1190 -1184
- package/bin/athena-js.js +104 -76
- package/dist/admin.cjs +45 -0
- package/dist/admin.cjs.map +1 -0
- package/dist/admin.d.cts +64 -0
- package/dist/admin.d.ts +64 -0
- package/dist/admin.js +41 -0
- package/dist/admin.js.map +1 -0
- package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
- package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
- package/dist/browser.cjs +33 -49
- package/dist/browser.cjs.map +1 -1
- package/dist/browser.d.cts +12 -10
- package/dist/browser.d.ts +12 -10
- package/dist/browser.js +33 -49
- package/dist/browser.js.map +1 -1
- package/dist/cli/index.cjs +150 -51
- package/dist/cli/index.cjs.map +1 -1
- package/dist/cli/index.d.cts +14 -5
- package/dist/cli/index.d.ts +14 -5
- package/dist/cli/index.js +150 -52
- package/dist/cli/index.js.map +1 -1
- package/dist/{client-CMtx5P4D.d.cts → client-BJjUwDSg.d.cts} +109 -1448
- package/dist/{client-Dre8H24u.d.ts → client-DVOKSYDI.d.ts} +109 -1448
- package/dist/cookies.cjs +18 -0
- package/dist/cookies.cjs.map +1 -1
- package/dist/cookies.d.cts +2 -1
- package/dist/cookies.d.ts +2 -1
- package/dist/cookies.js +17 -1
- package/dist/cookies.js.map +1 -1
- package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
- package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
- package/dist/index.cjs +101 -49
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +13 -10
- package/dist/index.d.ts +13 -10
- package/dist/index.js +101 -50
- package/dist/index.js.map +1 -1
- package/dist/{model-form-DfTi8-D1.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
- package/dist/{model-form-CU0mWrF9.d.ts → model-form-yRg71q3H.d.ts} +2 -2
- package/dist/{module-DBGmbIuh.d.ts → module-DBteUIob.d.ts} +12 -9
- package/dist/{module-GoijrBXV.d.cts → module-yoX49uQC.d.cts} +12 -9
- package/dist/next/client.cjs +452 -49
- package/dist/next/client.cjs.map +1 -1
- package/dist/next/client.d.cts +7 -4
- package/dist/next/client.d.ts +7 -4
- package/dist/next/client.js +430 -50
- package/dist/next/client.js.map +1 -1
- package/dist/next/server.cjs +292 -49
- package/dist/next/server.cjs.map +1 -1
- package/dist/next/server.d.cts +81 -5
- package/dist/next/server.d.ts +81 -5
- package/dist/next/server.js +280 -50
- package/dist/next/server.js.map +1 -1
- package/dist/organization.cjs +72 -0
- package/dist/organization.cjs.map +1 -0
- package/dist/organization.d.cts +43 -0
- package/dist/organization.d.ts +43 -0
- package/dist/organization.js +70 -0
- package/dist/organization.js.map +1 -0
- package/dist/payload-BzVbUgY_.d.cts +219 -0
- package/dist/payload-DEOWN_oo.d.ts +219 -0
- package/dist/{pipeline-DrjU2vNA.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
- package/dist/{pipeline-c7Gdm0qv.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
- package/dist/react.cjs +2 -13
- package/dist/react.cjs.map +1 -1
- package/dist/react.d.cts +26 -7
- package/dist/react.d.ts +26 -7
- package/dist/react.js +2 -13
- package/dist/react.js.map +1 -1
- package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
- package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
- package/dist/social-providers.cjs +4189 -0
- package/dist/social-providers.cjs.map +1 -0
- package/dist/social-providers.d.cts +4948 -0
- package/dist/social-providers.d.ts +4948 -0
- package/dist/social-providers.js +4117 -0
- package/dist/social-providers.js.map +1 -0
- package/dist/{types-Bez4HSbI.d.cts → types-BRP7sfSF.d.ts} +50 -2
- package/dist/{types-kPaHUqUa.d.ts → types-BU8uJH_b.d.cts} +50 -2
- package/dist/{types-BRUHGXo2.d.ts → types-CH78O90i.d.cts} +2 -2
- package/dist/{types-BRUHGXo2.d.cts → types-CH78O90i.d.ts} +2 -2
- package/dist/{types-BLizCLd1.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
- package/dist/{types-DRRb0Fd0.d.ts → types-DPgejxYC.d.ts} +3 -3
- package/dist/types-eAKAh71s.d.cts +1476 -0
- package/dist/types-eAKAh71s.d.ts +1476 -0
- package/dist/utils.cjs +438 -15
- package/dist/utils.cjs.map +1 -1
- package/dist/utils.d.cts +76 -11
- package/dist/utils.d.ts +76 -11
- package/dist/utils.js +390 -16
- package/dist/utils.js.map +1 -1
- package/package.json +49 -22
- package/dist/shared-DZSGAmXs.d.cts +0 -35
- package/dist/shared-MMnVBBfy.d.ts +0 -35
|
@@ -0,0 +1,377 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cookie name prefixes treated as Athena Auth / Better Auth session material.
|
|
3
|
+
*
|
|
4
|
+
* Used by {@link clearAuthCookies} when matching `document.cookie` names
|
|
5
|
+
* (including `__Secure-` prefixed variants).
|
|
6
|
+
*
|
|
7
|
+
* | Prefix | Typical cookies |
|
|
8
|
+
* |--------|-----------------|
|
|
9
|
+
* | `athena-auth` | `athena-auth.session_token`, `athena-auth.session-token`, chunked `session_data.*` |
|
|
10
|
+
* | `__Secure-athena-auth` | HTTPS-prefixed Athena cookies |
|
|
11
|
+
* | `better-auth` | Legacy Better Auth session cookies |
|
|
12
|
+
* | `__Secure-better-auth` | HTTPS-prefixed Better Auth cookies |
|
|
13
|
+
*
|
|
14
|
+
* @see {@link clearAuthCookies}
|
|
15
|
+
* @see docs/auth-cookies.md
|
|
16
|
+
*/
|
|
17
|
+
declare const ATHENA_AUTH_COOKIE_PREFIXES: readonly ["athena-auth", "__Secure-athena-auth", "better-auth", "__Secure-better-auth"];
|
|
18
|
+
/** @deprecated Prefer {@link ATHENA_AUTH_COOKIE_PREFIXES}. */
|
|
19
|
+
declare const DEFAULT_AUTH_COOKIE_PREFIXES: readonly ["athena-auth", "__Secure-athena-auth", "better-auth", "__Secure-better-auth"];
|
|
20
|
+
interface ClearAuthCookiesOptions {
|
|
21
|
+
/**
|
|
22
|
+
* Name prefixes to clear. Defaults to {@link ATHENA_AUTH_COOKIE_PREFIXES}.
|
|
23
|
+
*/
|
|
24
|
+
prefixes?: string[];
|
|
25
|
+
/**
|
|
26
|
+
* Hostname used to build domain candidates (host + parent domains).
|
|
27
|
+
* Defaults to `window.location.hostname` when available.
|
|
28
|
+
*/
|
|
29
|
+
hostname?: string;
|
|
30
|
+
/**
|
|
31
|
+
* Cookie path attribute when expiring cookies.
|
|
32
|
+
* @default `/`
|
|
33
|
+
*/
|
|
34
|
+
path?: string;
|
|
35
|
+
/**
|
|
36
|
+
* Override cookie header to scan (tests). Defaults to `document.cookie`.
|
|
37
|
+
*/
|
|
38
|
+
cookieHeader?: string;
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Clears Athena Auth / Better Auth browser cookies by name prefix.
|
|
42
|
+
*
|
|
43
|
+
* Safe to call from server/SSR: returns `[]` when `document` is unavailable.
|
|
44
|
+
* Prefer this over local copies of cookie-clearing loops in app `signOut`
|
|
45
|
+
* helpers.
|
|
46
|
+
*
|
|
47
|
+
* Compared to a minimal `document.cookie = …; path=/` wipe, this helper also:
|
|
48
|
+
* - expires with `Max-Age=0`
|
|
49
|
+
* - tries host + parent domain attributes (for subdomain deployments)
|
|
50
|
+
* - skips domain attributes on localhost / local hostnames
|
|
51
|
+
*
|
|
52
|
+
* For the **app-host bridge** httpOnly cookie written by
|
|
53
|
+
* `createAthenaAuthSessionBridgeHandlers`, also call
|
|
54
|
+
* `clearAthenaAuthSessionOnAppHost()` from `@xylex-group/athena/next/client`
|
|
55
|
+
* (that cookie is not always visible to `document.cookie`).
|
|
56
|
+
*
|
|
57
|
+
* @param options - Optional prefixes, hostname, path, or cookie header override
|
|
58
|
+
* @returns Cookie names that matched and were targeted for deletion
|
|
59
|
+
*
|
|
60
|
+
* @example
|
|
61
|
+
* ```ts
|
|
62
|
+
* import { clearAuthCookies } from "@xylex-group/athena/utils"
|
|
63
|
+
*
|
|
64
|
+
* export async function signOut(options?: { redirect?: boolean }) {
|
|
65
|
+
* try {
|
|
66
|
+
* await authClient.signOut({ fetchOptions: { throw: true } })
|
|
67
|
+
* } catch (error) {
|
|
68
|
+
* console.error("[auth] Sign out failed:", error)
|
|
69
|
+
* } finally {
|
|
70
|
+
* clearAuthCookies()
|
|
71
|
+
* if (options?.redirect !== false && typeof window !== "undefined") {
|
|
72
|
+
* window.location.href = "/sign-in"
|
|
73
|
+
* }
|
|
74
|
+
* }
|
|
75
|
+
* }
|
|
76
|
+
* ```
|
|
77
|
+
*/
|
|
78
|
+
declare function clearAuthCookies(options?: ClearAuthCookiesOptions): string[];
|
|
79
|
+
|
|
80
|
+
/**
|
|
81
|
+
* Shared Athena Auth UI route segments, views, and redirect helpers.
|
|
82
|
+
*
|
|
83
|
+
* Aligned with `@xylex-group/athena-auth-ui` / Auth UI `routes.ts` so apps can
|
|
84
|
+
* import from `@xylex-group/athena/utils` instead of copying route maps.
|
|
85
|
+
*/
|
|
86
|
+
/**
|
|
87
|
+
* Canonical auth screen ids used by UI routing and middleware.
|
|
88
|
+
*
|
|
89
|
+
* Note: the canonical forgot-password view id is `forgot-password`. The URL
|
|
90
|
+
* segment `forget-password` is accepted as a legacy alias and maps to that view.
|
|
91
|
+
*/
|
|
92
|
+
type AuthView = 'sign-in' | 'sign-up' | 'forgot-password' | 'reset-password' | 'reset-email-sent' | 'check-email' | 'accept-invitation' | 'logout';
|
|
93
|
+
/** Default view when no path segment is present. */
|
|
94
|
+
declare const AUTH_DEFAULT_VIEW = "sign-in";
|
|
95
|
+
/** Optional two-factor path segment used by some app routers. */
|
|
96
|
+
declare const AUTH_TWO_FACTOR_SEGMENT = "two-factor";
|
|
97
|
+
/**
|
|
98
|
+
* Map of URL path segments → {@link AuthView}.
|
|
99
|
+
*
|
|
100
|
+
* Includes `forget-password` as a legacy alias for `forgot-password`.
|
|
101
|
+
*/
|
|
102
|
+
declare const AUTH_VIEW_BY_SEGMENT: Readonly<Record<string, AuthView>>;
|
|
103
|
+
/**
|
|
104
|
+
* Views that should bounce **authenticated** users away (e.g. to app home).
|
|
105
|
+
* Reset/check-email/logout stay reachable while signed in.
|
|
106
|
+
*/
|
|
107
|
+
declare const AUTHENTICATED_REDIRECT_VIEW_SET: Set<AuthView>;
|
|
108
|
+
/**
|
|
109
|
+
* Resolve an auth UI view from a single path segment.
|
|
110
|
+
*
|
|
111
|
+
* @param segment - e.g. `"sign-in"` from `/auth/[segment]`; `undefined` → default
|
|
112
|
+
* @returns Canonical {@link AuthView}, or `null` when the segment is unknown
|
|
113
|
+
*
|
|
114
|
+
* @example
|
|
115
|
+
* ```ts
|
|
116
|
+
* resolveAuthViewFromSegment(undefined) // "sign-in"
|
|
117
|
+
* resolveAuthViewFromSegment("forget-password") // "forgot-password"
|
|
118
|
+
* resolveAuthViewFromSegment("unknown") // null
|
|
119
|
+
* ```
|
|
120
|
+
*/
|
|
121
|
+
declare function resolveAuthViewFromSegment(segment: string | undefined): AuthView | null;
|
|
122
|
+
/**
|
|
123
|
+
* Whether an authenticated user should be redirected away from this auth view.
|
|
124
|
+
*
|
|
125
|
+
* @param view - Resolved auth view
|
|
126
|
+
*/
|
|
127
|
+
declare function shouldRedirectAuthenticatedAuthView(view: AuthView): boolean;
|
|
128
|
+
/**
|
|
129
|
+
* Default page routes under `/auth/*` for Next.js (or similar) apps.
|
|
130
|
+
*/
|
|
131
|
+
declare const AUTH_ROUTES: {
|
|
132
|
+
readonly acceptInvitation: "/auth/accept-invitation";
|
|
133
|
+
readonly appHome: "/";
|
|
134
|
+
readonly checkEmail: "/auth/check-email";
|
|
135
|
+
readonly forgotPassword: "/auth/forgot-password";
|
|
136
|
+
readonly logout: "/auth/logout";
|
|
137
|
+
readonly resetEmailSent: "/auth/reset-email-sent";
|
|
138
|
+
readonly resetPassword: "/auth/reset-password";
|
|
139
|
+
readonly signIn: "/auth/sign-in";
|
|
140
|
+
readonly signUp: "/auth/sign-up";
|
|
141
|
+
readonly socialCallback: "/auth/social-callback";
|
|
142
|
+
};
|
|
143
|
+
type AuthRoutes = Record<keyof typeof AUTH_ROUTES, string>;
|
|
144
|
+
/**
|
|
145
|
+
* Build an auth route map with optional path overrides.
|
|
146
|
+
*/
|
|
147
|
+
declare function createAuthRoutes(overrides?: Partial<AuthRoutes>): AuthRoutes;
|
|
148
|
+
/**
|
|
149
|
+
* Query/mode → path redirects used by legacy `?mode=` style entrypoints.
|
|
150
|
+
*/
|
|
151
|
+
interface AuthModeRedirects {
|
|
152
|
+
readonly 'forgot-password': string;
|
|
153
|
+
readonly login: string;
|
|
154
|
+
readonly logout: string;
|
|
155
|
+
readonly 'reset-password': string;
|
|
156
|
+
readonly signup: string;
|
|
157
|
+
}
|
|
158
|
+
declare function createAuthModeRedirects(routes?: AuthRoutes): AuthModeRedirects;
|
|
159
|
+
declare const AUTH_MODE_REDIRECTS: AuthModeRedirects;
|
|
160
|
+
type AuthMode = keyof AuthModeRedirects;
|
|
161
|
+
declare const AUTH_MODE_SET: Set<string>;
|
|
162
|
+
declare const AUTHENTICATED_REDIRECT_MODE_SET: Set<keyof AuthModeRedirects>;
|
|
163
|
+
/**
|
|
164
|
+
* Type guard for legacy auth `mode` query values (`login`, `signup`, …).
|
|
165
|
+
*/
|
|
166
|
+
declare function isAuthMode(value: string): value is AuthMode;
|
|
167
|
+
/**
|
|
168
|
+
* Whether an authenticated user should be redirected away from this auth mode.
|
|
169
|
+
*/
|
|
170
|
+
declare function shouldRedirectAuthenticatedAuthMode(mode: AuthMode): boolean;
|
|
171
|
+
/**
|
|
172
|
+
* Resolve a path for a legacy auth mode string.
|
|
173
|
+
*
|
|
174
|
+
* @returns Path from {@link AUTH_MODE_REDIRECTS}, or `null` if unknown
|
|
175
|
+
*/
|
|
176
|
+
declare function resolveAuthModeRedirect(mode: string | undefined, redirects?: AuthModeRedirects): string | null;
|
|
177
|
+
|
|
178
|
+
/**
|
|
179
|
+
* Resolve Athena Auth base / upstream URLs from env or explicit config.
|
|
180
|
+
*
|
|
181
|
+
* Mirrors the Athena Auth UI base-url contract so apps and the SDK share one
|
|
182
|
+
* precedence order for `ATHENA_AUTH_*` environment variables.
|
|
183
|
+
*/
|
|
184
|
+
/** Default browser/proxy path for same-origin auth routing. */
|
|
185
|
+
declare const ATHENA_AUTH_PATH = "/api/auth";
|
|
186
|
+
/** Fallback origin when no absolute upstream is configured (server-side). */
|
|
187
|
+
declare const LOCAL_DEV_ORIGIN = "http://localhost:3000";
|
|
188
|
+
/**
|
|
189
|
+
* Hosted Athena Auth origin used when no upstream override is supplied.
|
|
190
|
+
* Origin only — no `/api/auth` suffix.
|
|
191
|
+
*/
|
|
192
|
+
declare const DEFAULT_ATHENA_AUTH_ORIGIN = "https://auth.athena-auth.com";
|
|
193
|
+
/**
|
|
194
|
+
* @deprecated Prefer {@link DEFAULT_ATHENA_AUTH_ORIGIN}.
|
|
195
|
+
* Kept for callers that used the older name.
|
|
196
|
+
*/
|
|
197
|
+
declare const DEFAULT_ATHENA_AUTH_UPSTREAM_URL = "https://auth.athena-auth.com";
|
|
198
|
+
/**
|
|
199
|
+
* Environment keys checked (in order) for the Athena Auth upstream URL.
|
|
200
|
+
*
|
|
201
|
+
* Prefer server-only keys first so private upstream hosts are not forced to
|
|
202
|
+
* rely on `NEXT_PUBLIC_*` values.
|
|
203
|
+
*/
|
|
204
|
+
declare const ATHENA_AUTH_UPSTREAM_ENV_KEYS: readonly ["ATHENA_AUTH_UPSTREAM_URL", "ATHENA_AUTH_URL", "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL", "NEXT_PUBLIC_ATHENA_AUTH_URL"];
|
|
205
|
+
/**
|
|
206
|
+
* Auth UI naming parity (`base-url.ts`).
|
|
207
|
+
* Same ordered list as {@link ATHENA_AUTH_UPSTREAM_ENV_KEYS}.
|
|
208
|
+
*/
|
|
209
|
+
declare const ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES: readonly ["ATHENA_AUTH_UPSTREAM_URL", "ATHENA_AUTH_URL", "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL", "NEXT_PUBLIC_ATHENA_AUTH_URL"];
|
|
210
|
+
type AthenaAuthUpstreamEnvKey = (typeof ATHENA_AUTH_UPSTREAM_ENV_KEYS)[number];
|
|
211
|
+
/** Loose env map (Node `process.env` or a test fixture). */
|
|
212
|
+
type EnvLike = Record<string, string | undefined>;
|
|
213
|
+
type AthenaAuthUpstreamEnv = Partial<Record<AthenaAuthUpstreamEnvKey, string | undefined>> & EnvLike;
|
|
214
|
+
interface AthenaAuthClientBaseUrlOptions {
|
|
215
|
+
/**
|
|
216
|
+
* When `true` (default), ensure the client base ends with `/api/auth`.
|
|
217
|
+
* Set `false` when the auth server is mounted at a custom path or root.
|
|
218
|
+
*/
|
|
219
|
+
appendAuthPath?: boolean;
|
|
220
|
+
}
|
|
221
|
+
/**
|
|
222
|
+
* Returns `true` when the value is an absolute `http://` or `https://` URL.
|
|
223
|
+
*/
|
|
224
|
+
declare function isAbsoluteUrl(value: string): boolean;
|
|
225
|
+
/**
|
|
226
|
+
* Read the first non-empty Athena Auth upstream URL from an env-like map.
|
|
227
|
+
*
|
|
228
|
+
* @returns Trimmed URL string, or `undefined` when none of the keys are set
|
|
229
|
+
*/
|
|
230
|
+
declare function readAthenaAuthUpstreamUrlFromEnv(env: EnvLike): string | undefined;
|
|
231
|
+
/**
|
|
232
|
+
* Normalize a consumer-supplied auth base URL so it targets `/api/auth`
|
|
233
|
+
* (unless the path already ends with that segment).
|
|
234
|
+
*
|
|
235
|
+
* Absolute URLs keep origin and rewrite pathname; relative paths are ensured
|
|
236
|
+
* to end with `/api/auth`.
|
|
237
|
+
*
|
|
238
|
+
* @example
|
|
239
|
+
* ```ts
|
|
240
|
+
* normalizeAthenaAuthBaseUrl('https://auth.example.com')
|
|
241
|
+
* // => 'https://auth.example.com/api/auth'
|
|
242
|
+
*
|
|
243
|
+
* normalizeAthenaAuthBaseUrl('/api/auth')
|
|
244
|
+
* // => '/api/auth'
|
|
245
|
+
* ```
|
|
246
|
+
*/
|
|
247
|
+
declare function normalizeAthenaAuthBaseUrl(urlOrPath: string): string;
|
|
248
|
+
/**
|
|
249
|
+
* Resolve the **server-side** Athena Auth upstream origin (no `/api/auth` suffix).
|
|
250
|
+
*
|
|
251
|
+
* Used when proxying or calling the auth host directly from Node / edge.
|
|
252
|
+
*
|
|
253
|
+
* @param rawUpstreamUrl - Explicit URL, env map, or omit to read `process.env`
|
|
254
|
+
* @returns Origin like `https://auth.example.com` (no trailing slash)
|
|
255
|
+
*/
|
|
256
|
+
declare function resolveAthenaAuthUpstreamUrl(rawUpstreamUrl?: string | AthenaAuthUpstreamEnv): string;
|
|
257
|
+
/**
|
|
258
|
+
* Resolve the **browser-facing** auth client base URL.
|
|
259
|
+
*
|
|
260
|
+
* Default behavior appends `/api/auth` for same-origin proxying. Pass
|
|
261
|
+
* `{ appendAuthPath: false }` to keep a custom path or root mount.
|
|
262
|
+
*
|
|
263
|
+
* Overloads match common call styles from Athena Auth UI and app code:
|
|
264
|
+
* - `resolveAthenaAuthClientBaseUrl("https://auth.example.com")`
|
|
265
|
+
* - `resolveAthenaAuthClientBaseUrl(process.env)`
|
|
266
|
+
* - `resolveAthenaAuthClientBaseUrl(undefined)` → env + defaults
|
|
267
|
+
* - `resolveAthenaAuthClientBaseUrl(path, upstream, { appendAuthPath: false })`
|
|
268
|
+
*/
|
|
269
|
+
declare function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl?: string | EnvLike, rawUpstreamUrl?: string | AthenaAuthUpstreamEnv, options?: AthenaAuthClientBaseUrlOptions): string;
|
|
270
|
+
declare function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl: string, rawUpstreamUrl?: string | AthenaAuthUpstreamEnv, options?: AthenaAuthClientBaseUrlOptions): string;
|
|
271
|
+
/**
|
|
272
|
+
* Build an absolute Athena Auth request URL for a path under the client base.
|
|
273
|
+
*
|
|
274
|
+
* Resolves at **call time** (reads env when `rawBaseUrl` is omitted) so module
|
|
275
|
+
* load order does not freeze a stale URL.
|
|
276
|
+
*
|
|
277
|
+
* @param path - Path relative to the auth base (leading slashes stripped)
|
|
278
|
+
* @param rawBaseUrl - Optional base string or env map
|
|
279
|
+
*
|
|
280
|
+
* @example
|
|
281
|
+
* ```ts
|
|
282
|
+
* resolveAthenaAuthRequestUrl('get-session', 'https://auth.example.com')
|
|
283
|
+
* // => 'https://auth.example.com/api/auth/get-session'
|
|
284
|
+
* ```
|
|
285
|
+
*/
|
|
286
|
+
declare function resolveAthenaAuthRequestUrl(path: string, rawBaseUrl?: string | EnvLike): string;
|
|
287
|
+
/** Relative auth path for email verification (`GET /verify-email`). */
|
|
288
|
+
declare const ATHENA_AUTH_VERIFY_EMAIL_PATH = "verify-email";
|
|
289
|
+
/**
|
|
290
|
+
* Relative segment for session lookup (`GET /get-session`).
|
|
291
|
+
* Prefer with {@link resolveAthenaAuthRequestUrl} when `base` already ends in `/api/auth`.
|
|
292
|
+
*/
|
|
293
|
+
declare const ATHENA_AUTH_GET_SESSION_PATH = "get-session";
|
|
294
|
+
/**
|
|
295
|
+
* Absolute app/proxy path for session lookup.
|
|
296
|
+
* Use with `new URL(ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH, appOrigin)` when
|
|
297
|
+
* `baseUrl` is the **app origin** (e.g. `https://app.example.com`), not the auth client base.
|
|
298
|
+
*/
|
|
299
|
+
declare const ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = "/api/auth/get-session";
|
|
300
|
+
/**
|
|
301
|
+
* @deprecated Alias of {@link ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH} for drop-in
|
|
302
|
+
* replacement of app-local `AUTH_SESSION_PATH` constants. Prefer the `ATHENA_` name.
|
|
303
|
+
*/
|
|
304
|
+
declare const AUTH_SESSION_PATH = "/api/auth/get-session";
|
|
305
|
+
/**
|
|
306
|
+
* Query param that forces Athena Auth / Better Auth style session handlers to
|
|
307
|
+
* skip cookie cache and re-read the live session cookie.
|
|
308
|
+
*/
|
|
309
|
+
declare const ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
|
|
310
|
+
/**
|
|
311
|
+
* @deprecated Alias of {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM}.
|
|
312
|
+
*/
|
|
313
|
+
declare const DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
|
|
314
|
+
/** Value paired with {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM}. */
|
|
315
|
+
declare const ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
|
|
316
|
+
/**
|
|
317
|
+
* @deprecated Alias of {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE}.
|
|
318
|
+
*/
|
|
319
|
+
declare const DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
|
|
320
|
+
/**
|
|
321
|
+
* Optional request/response header some apps use to pass serialized session
|
|
322
|
+
* payload between edge middleware and the app (not set by the SDK itself).
|
|
323
|
+
*/
|
|
324
|
+
declare const ATHENA_SESSION_DATA_HEADER = "x-session-data";
|
|
325
|
+
/**
|
|
326
|
+
* @deprecated Alias of {@link ATHENA_SESSION_DATA_HEADER}.
|
|
327
|
+
*/
|
|
328
|
+
declare const SESSION_DATA_HEADER = "x-session-data";
|
|
329
|
+
/**
|
|
330
|
+
* Absolute callback URL for email verification.
|
|
331
|
+
*
|
|
332
|
+
* Equivalent to `resolveAthenaAuthRequestUrl("verify-email")` — use this in
|
|
333
|
+
* sign-up / send-verification payloads as `callbackURL` instead of a local
|
|
334
|
+
* wrapper around Auth UI `base-url` helpers.
|
|
335
|
+
*
|
|
336
|
+
* @param rawBaseUrl - Optional base string or env map (defaults to process env)
|
|
337
|
+
* @returns e.g. `https://auth.example.com/api/auth/verify-email`
|
|
338
|
+
*
|
|
339
|
+
* @example
|
|
340
|
+
* ```ts
|
|
341
|
+
* import { resolveEmailVerificationCallbackUrl } from "@xylex-group/athena/utils"
|
|
342
|
+
*
|
|
343
|
+
* await client.auth.signUp.email({
|
|
344
|
+
* email,
|
|
345
|
+
* password,
|
|
346
|
+
* name,
|
|
347
|
+
* callbackURL: resolveEmailVerificationCallbackUrl(),
|
|
348
|
+
* })
|
|
349
|
+
* ```
|
|
350
|
+
*/
|
|
351
|
+
declare function resolveEmailVerificationCallbackUrl(rawBaseUrl?: string | EnvLike): string;
|
|
352
|
+
/**
|
|
353
|
+
* Build a same-origin (or absolute) **fresh** get-session URL.
|
|
354
|
+
*
|
|
355
|
+
* Appends `disableCookieCache=true` so middleware / RSC session probes do not
|
|
356
|
+
* reuse a stale cookie-cache entry.
|
|
357
|
+
*
|
|
358
|
+
* @param baseUrl - App origin (`https://app.example.com`) or any base accepted by
|
|
359
|
+
* the `URL` constructor. Resolves {@link ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH}
|
|
360
|
+
* (`/api/auth/get-session`) against that base.
|
|
361
|
+
* @returns URL such as `https://app.example.com/api/auth/get-session?disableCookieCache=true`
|
|
362
|
+
*
|
|
363
|
+
* @example
|
|
364
|
+
* ```ts
|
|
365
|
+
* import { createFreshSessionLookupUrl } from "@xylex-group/athena/utils"
|
|
366
|
+
*
|
|
367
|
+
* const url = createFreshSessionLookupUrl("https://app.example.com")
|
|
368
|
+
* await fetch(url, { headers: { cookie: requestHeaders.get("cookie") ?? "" } })
|
|
369
|
+
* ```
|
|
370
|
+
*
|
|
371
|
+
* For auth-client base URLs that already include `/api/auth`, prefer:
|
|
372
|
+
* `resolveAthenaAuthRequestUrl("get-session", authBase) + "?disableCookieCache=true"`
|
|
373
|
+
* or pass the **app** origin into this helper when you proxy `/api/auth/*` locally.
|
|
374
|
+
*/
|
|
375
|
+
declare function createFreshSessionLookupUrl(baseUrl: string | URL): URL;
|
|
376
|
+
|
|
377
|
+
export { ATHENA_AUTH_COOKIE_PREFIXES as A, AUTH_SESSION_PATH as B, type ClearAuthCookiesOptions as C, DEFAULT_ATHENA_AUTH_ORIGIN as D, type EnvLike as E, AUTH_TWO_FACTOR_SEGMENT as F, type AthenaAuthClientBaseUrlOptions as G, type AthenaAuthUpstreamEnv as H, type AthenaAuthUpstreamEnvKey as I, type AuthMode as J, type AuthModeRedirects as K, type AuthRoutes as L, DEFAULT_ATHENA_AUTH_UPSTREAM_URL as M, DEFAULT_AUTH_COOKIE_PREFIXES as N, DISABLE_COOKIE_CACHE_QUERY_PARAM as O, DISABLE_COOKIE_CACHE_QUERY_VALUE as P, LOCAL_DEV_ORIGIN as Q, createAuthModeRedirects as R, SESSION_DATA_HEADER as S, createAuthRoutes as T, createFreshSessionLookupUrl as U, isAuthMode as V, readAthenaAuthUpstreamUrlFromEnv as W, resolveAuthModeRedirect as X, shouldRedirectAuthenticatedAuthMode as Y, ATHENA_AUTH_PATH as a, ATHENA_AUTH_UPSTREAM_ENV_KEYS as b, ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES as c, AUTH_DEFAULT_VIEW as d, AUTH_ROUTES as e, AUTH_VIEW_BY_SEGMENT as f, type AuthView as g, clearAuthCookies as h, isAbsoluteUrl as i, resolveAthenaAuthRequestUrl as j, resolveAthenaAuthUpstreamUrl as k, resolveAuthViewFromSegment as l, resolveEmailVerificationCallbackUrl as m, normalizeAthenaAuthBaseUrl as n, ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM as o, ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE as p, ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH as q, resolveAthenaAuthClientBaseUrl as r, shouldRedirectAuthenticatedAuthView as s, ATHENA_AUTH_GET_SESSION_PATH as t, ATHENA_AUTH_VERIFY_EMAIL_PATH as u, ATHENA_SESSION_DATA_HEADER as v, AUTHENTICATED_REDIRECT_MODE_SET as w, AUTHENTICATED_REDIRECT_VIEW_SET as x, AUTH_MODE_REDIRECTS as y, AUTH_MODE_SET as z };
|
package/dist/browser.cjs
CHANGED
|
@@ -802,7 +802,7 @@ var getCookieCache = async (request2, config) => {
|
|
|
802
802
|
|
|
803
803
|
// src/utils/athena-request-headers.ts
|
|
804
804
|
var NO_CACHE_HEADER_VALUE = "no-cache";
|
|
805
|
-
var API_KEY_HEADER_CANDIDATES = ["X-Api-Key", "x-api-key", "apikey"];
|
|
805
|
+
var API_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key", "X-Api-Key", "x-api-key", "apikey"];
|
|
806
806
|
var ATHENA_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key"];
|
|
807
807
|
var SESSION_TOKEN_HEADER_CANDIDATES = ["X-Athena-Auth-Session-Token"];
|
|
808
808
|
var BEARER_MIRROR_HEADER_CANDIDATES = ["X-Athena-Auth-Bearer-Token"];
|
|
@@ -904,17 +904,6 @@ function buildServiceRequestHeaders(profile, sdkHeaderValue, config, options, ex
|
|
|
904
904
|
});
|
|
905
905
|
}
|
|
906
906
|
function applyAthenaApiKeyHeaders(headers, apiKey, athenaKey) {
|
|
907
|
-
if (apiKey) {
|
|
908
|
-
if (!hasHeaderIgnoreCase(headers, "apikey")) {
|
|
909
|
-
headers.apikey = apiKey;
|
|
910
|
-
}
|
|
911
|
-
if (!Object.hasOwn(headers, "x-api-key")) {
|
|
912
|
-
headers["x-api-key"] = apiKey;
|
|
913
|
-
}
|
|
914
|
-
if (!Object.hasOwn(headers, "X-Api-Key")) {
|
|
915
|
-
headers["X-Api-Key"] = apiKey;
|
|
916
|
-
}
|
|
917
|
-
}
|
|
918
907
|
const resolvedAthenaKey = normalizeHeaderValue(athenaKey) ?? normalizeHeaderValue(apiKey);
|
|
919
908
|
if (resolvedAthenaKey && !hasHeaderIgnoreCase(headers, "X-Athena-Key")) {
|
|
920
909
|
headers["X-Athena-Key"] = resolvedAthenaKey;
|
|
@@ -1040,7 +1029,7 @@ function buildAthenaRequestHeaders(input) {
|
|
|
1040
1029
|
|
|
1041
1030
|
// package.json
|
|
1042
1031
|
var package_default = {
|
|
1043
|
-
version: "2.
|
|
1032
|
+
version: "2.13.0"
|
|
1044
1033
|
};
|
|
1045
1034
|
|
|
1046
1035
|
// src/sdk-version.ts
|
|
@@ -3743,38 +3732,6 @@ async function withRetry(config, fn) {
|
|
|
3743
3732
|
throw new Error("withRetry reached an unexpected state");
|
|
3744
3733
|
}
|
|
3745
3734
|
|
|
3746
|
-
// src/db/module.ts
|
|
3747
|
-
function createDbModule(input) {
|
|
3748
|
-
const db = {
|
|
3749
|
-
from: input.from,
|
|
3750
|
-
select(table2, first, second) {
|
|
3751
|
-
if (first && typeof first === "object" && !Array.isArray(first)) {
|
|
3752
|
-
return input.from(table2).select(void 0, first);
|
|
3753
|
-
}
|
|
3754
|
-
return input.from(table2).select(first, second);
|
|
3755
|
-
},
|
|
3756
|
-
insert(table2, values, options) {
|
|
3757
|
-
return Array.isArray(values) ? input.from(table2).insert(values, options) : input.from(table2).insert(values, options);
|
|
3758
|
-
},
|
|
3759
|
-
upsert(table2, values, options) {
|
|
3760
|
-
return Array.isArray(values) ? input.from(table2).upsert(values, options) : input.from(table2).upsert(values, options);
|
|
3761
|
-
},
|
|
3762
|
-
update(table2, values, options) {
|
|
3763
|
-
return input.from(table2).update(values, options);
|
|
3764
|
-
},
|
|
3765
|
-
delete(table2, options) {
|
|
3766
|
-
return input.from(table2).delete(options);
|
|
3767
|
-
},
|
|
3768
|
-
rpc(fn, args, options) {
|
|
3769
|
-
return input.rpc(fn, args, options);
|
|
3770
|
-
},
|
|
3771
|
-
query(query, options) {
|
|
3772
|
-
return input.query(query, options);
|
|
3773
|
-
}
|
|
3774
|
-
};
|
|
3775
|
-
return db;
|
|
3776
|
-
}
|
|
3777
|
-
|
|
3778
3735
|
// src/storage/file.ts
|
|
3779
3736
|
function createStorageFileModule(base, config = {}) {
|
|
3780
3737
|
const upload = async (input, options) => {
|
|
@@ -9406,7 +9363,30 @@ function createClientFromConfig(config, sourceConfig) {
|
|
|
9406
9363
|
config.experimental,
|
|
9407
9364
|
queryTracer
|
|
9408
9365
|
);
|
|
9409
|
-
const
|
|
9366
|
+
const untypedDbFrom = from;
|
|
9367
|
+
const db = {
|
|
9368
|
+
from,
|
|
9369
|
+
select(table2, first, second) {
|
|
9370
|
+
if (first && typeof first === "object" && !Array.isArray(first)) {
|
|
9371
|
+
return untypedDbFrom(table2).select(void 0, first);
|
|
9372
|
+
}
|
|
9373
|
+
return untypedDbFrom(table2).select(first, second);
|
|
9374
|
+
},
|
|
9375
|
+
insert(table2, values, options) {
|
|
9376
|
+
return Array.isArray(values) ? untypedDbFrom(table2).insert(values, options) : untypedDbFrom(table2).insert(values, options);
|
|
9377
|
+
},
|
|
9378
|
+
upsert(table2, values, options) {
|
|
9379
|
+
return Array.isArray(values) ? untypedDbFrom(table2).upsert(values, options) : untypedDbFrom(table2).upsert(values, options);
|
|
9380
|
+
},
|
|
9381
|
+
update(table2, values, options) {
|
|
9382
|
+
return untypedDbFrom(table2).update(values, options);
|
|
9383
|
+
},
|
|
9384
|
+
delete(table2, options) {
|
|
9385
|
+
return untypedDbFrom(table2).delete(options);
|
|
9386
|
+
},
|
|
9387
|
+
rpc,
|
|
9388
|
+
query
|
|
9389
|
+
};
|
|
9410
9390
|
const chat = createChatModule({
|
|
9411
9391
|
baseUrl: config.chatUrl,
|
|
9412
9392
|
apiKey: config.apiKey,
|
|
@@ -9557,7 +9537,9 @@ function createClientFromConfig(config, sourceConfig) {
|
|
|
9557
9537
|
var AthenaClient = class {
|
|
9558
9538
|
/** Create a fluent builder for a strongly-typed Athena SDK client. */
|
|
9559
9539
|
static builder() {
|
|
9560
|
-
return createAthenaClientBuilder(
|
|
9540
|
+
return createAthenaClientBuilder(
|
|
9541
|
+
(config) => createClientFromInput(config)
|
|
9542
|
+
);
|
|
9561
9543
|
}
|
|
9562
9544
|
static fromEnvironment(options = {}) {
|
|
9563
9545
|
const env = options.env ?? process.env;
|
|
@@ -9588,7 +9570,8 @@ var AthenaClient = class {
|
|
|
9588
9570
|
});
|
|
9589
9571
|
}
|
|
9590
9572
|
};
|
|
9591
|
-
function createClient(
|
|
9573
|
+
function createClient(...args) {
|
|
9574
|
+
const [configOrUrl, apiKey, options] = args;
|
|
9592
9575
|
if (typeof configOrUrl === "string" || configOrUrl === null || configOrUrl === void 0) {
|
|
9593
9576
|
return createClientFromInput({
|
|
9594
9577
|
url: configOrUrl,
|
|
@@ -10209,7 +10192,8 @@ var TypedAthenaClientImpl = class _TypedAthenaClientImpl {
|
|
|
10209
10192
|
fromModel(database, schema, model) {
|
|
10210
10193
|
const modelDef = this.registryNavigator.resolveModel(database, schema, model);
|
|
10211
10194
|
const tableName = this.registryNavigator.resolveTableName(schema, model, modelDef);
|
|
10212
|
-
|
|
10195
|
+
const from = this.baseClient.from;
|
|
10196
|
+
return from(tableName);
|
|
10213
10197
|
}
|
|
10214
10198
|
};
|
|
10215
10199
|
function createTypedClient(registry, url, apiKey, options) {
|