@zitadel/astro-auth 1.2.0

package/dist/index.js

@@ -0,0 +1,152 @@
+// src/config.ts
+var getEnvVars = (envOverride) => {
+  if (envOverride) {
+    return envOverride;
+  } else if (typeof import.meta !== "undefined" && import.meta.env) {
+    const env = import.meta.env;
+    return {
+      AUTH_SECRET: env.AUTH_SECRET,
+      AUTH_TRUST_HOST: env.AUTH_TRUST_HOST,
+      VERCEL: env.VERCEL,
+      CF_PAGES: env.CF_PAGES,
+      NODE_ENV: env.NODE_ENV
+    };
+  } else {
+    return {
+      AUTH_SECRET: void 0,
+      AUTH_TRUST_HOST: void 0,
+      VERCEL: void 0,
+      CF_PAGES: void 0,
+      NODE_ENV: void 0
+    };
+  }
+};
+var parseBool = (value) => {
+  if (!value) {
+    return false;
+  } else {
+    return /^(1|true|yes|on)$/i.test(value);
+  }
+};
+var defineConfig = (config, envOverride) => {
+  const { AUTH_SECRET, AUTH_TRUST_HOST, VERCEL, CF_PAGES, NODE_ENV } = getEnvVars(envOverride);
+  const prefix = typeof config.prefix === "string" && config.prefix.length > 0 ? config.prefix : "/api/auth";
+  const secret = typeof config.secret === "string" && config.secret.length > 0 ? config.secret : AUTH_SECRET;
+  const hasExplicitTrustHost = Object.prototype.hasOwnProperty.call(
+    config,
+    "trustHost"
+  );
+  let trustHost;
+  if (hasExplicitTrustHost) {
+    trustHost = Boolean(config.trustHost);
+  } else if (parseBool(AUTH_TRUST_HOST)) {
+    trustHost = true;
+  } else if (parseBool(VERCEL)) {
+    trustHost = true;
+  } else if (parseBool(CF_PAGES)) {
+    trustHost = true;
+  } else {
+    trustHost = NODE_ENV !== "production";
+  }
+  return {
+    ...config,
+    prefix,
+    basePath: prefix,
+    secret,
+    trustHost
+  };
+};
+var virtualConfigModule = (configFile = "./auth.config") => {
+  const virtualModuleId = "auth:config";
+  const resolvedId = "\0" + virtualModuleId;
+  const resolveConfig = async function() {
+    const r = await this.resolve(configFile);
+    if (r && r.id) {
+      return r.id;
+    } else {
+      return null;
+    }
+  };
+  return {
+    name: "astro-auth-config",
+    enforce: "pre",
+    resolveId: (id) => {
+      if (id === virtualModuleId) {
+        return resolvedId;
+      } else {
+        return void 0;
+      }
+    },
+    load: async function(id) {
+      if (id === resolvedId) {
+        const cfg = await resolveConfig.call(this);
+        if (!cfg) {
+          throw new Error(`[astro-auth] Cannot resolve ${configFile}`);
+        } else {
+          return `export { default as default } from ${JSON.stringify(cfg)};`;
+        }
+      } else {
+        return void 0;
+      }
+    },
+    buildStart: async function() {
+      const cfg = await resolveConfig.call(this);
+      if (cfg) {
+        this.addWatchFile(cfg);
+      }
+    },
+    handleHotUpdate: async function(ctx) {
+      const resolved = await ctx.server.pluginContainer.resolveId(configFile);
+      const configPath = resolved && resolved.id ? resolved.id : null;
+      if (configPath && ctx.file === configPath) {
+        const mod = ctx.server.moduleGraph.getModuleById(resolvedId);
+        if (mod) {
+          ctx.server.moduleGraph.invalidateModule(mod);
+        }
+        return [ctx.server.moduleGraph.getModuleById(configPath)].filter(
+          Boolean
+        );
+      } else {
+        return void 0;
+      }
+    }
+  };
+};
+
+// src/integration.ts
+import { fileURLToPath } from "url";
+var integration_default = (config = {}) => ({
+  name: "astro-auth",
+  hooks: {
+    "astro:config:setup": async ({
+      config: astroConfig,
+      injectRoute,
+      updateConfig
+    }) => {
+      updateConfig({
+        vite: {
+          plugins: [virtualConfigModule(config.configFile)],
+          // IMPORTANT: never pre-bundle the virtual module
+          optimizeDeps: { exclude: ["auth:config"] }
+        }
+      });
+      config.prefix ??= "/api/auth";
+      if (config.injectEndpoints !== false) {
+        const entrypoint = fileURLToPath(
+          new URL("./api/[...auth].js", import.meta.url)
+        );
+        injectRoute({ pattern: `${config.prefix}/[...auth]`, entrypoint });
+      }
+      if (!astroConfig.adapter) {
+        throw new Error(
+          "No adapter found. Authentication requires server-side rendering. Please add an adapter to your Astro config."
+        );
+      }
+    }
+  }
+});
+export {
+  integration_default as default,
+  defineConfig
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/config.ts","../src/integration.ts"],"sourcesContent":["import type { AuthConfig } from '@auth/core/types';\nimport type { PluginContext } from 'rollup';\nimport type { ViteUserConfig } from 'astro';\n\ntype PluginOption = NonNullable<ViteUserConfig['plugins']>[number];\n\n/**\n * Configuration options specific to the Astro integration.\n *\n * @public\n */\nexport interface AstroIntegrationOptions {\n  /**\n   * Base path for authentication routes.\n   *\n   * @defaultValue '/api/auth'\n   *\n   * @example\n   * ```js\n   * authAstro({ prefix: '/auth' })\n   * // Routes will be available at /auth/signin, /auth/signout, etc.\n   * ```\n   */\n  prefix?: string;\n\n  /**\n   * Whether the integration should automatically inject authentication\n   * endpoints.\n   *\n   * Set to `false` if you want to manually define authentication routes.\n   *\n   * @defaultValue true\n   */\n  injectEndpoints?: boolean;\n\n  /**\n   * Path to the authentication configuration file.\n   *\n   * @defaultValue './auth.config'\n   *\n   * @example\n   * ```js\n   * authAstro({ configFile: './config/authentication.ts' })\n   * ```\n   */\n  configFile?: string;\n}\n\n/**\n * Complete authentication configuration merging Astro-specific options\n * with Auth.js core configuration.\n *\n * @public\n */\nexport interface FullAuthConfig\n  extends AstroIntegrationOptions,\n    Omit<AuthConfig, 'raw'> {}\n\n/**\n * Environment variables structure used by Auth.js configuration.\n *\n * @public\n */\nexport interface AuthEnvVars {\n  AUTH_SECRET?: string;\n  AUTH_TRUST_HOST?: string;\n  VERCEL?: string;\n  CF_PAGES?: string;\n  NODE_ENV?: string;\n}\n\n/**\n * Retrieves environment variables from the runtime environment.\n *\n * This function provides a safe way to access Vite's `import.meta.env` object,\n * which may not be available in all contexts (e.g., during Jest testing).\n * By extracting this logic into a separate function with a parameter override,\n * we enable easy testing while maintaining the same behavior in production.\n *\n * @param envOverride - Optional environment variables to use instead of import.meta.env\n * @returns Object containing Auth.js-related environment variables\n *\n * @internal\n *\n * @remarks\n * This function accepts an optional parameter for testing purposes. In production\n * code, it reads from `import.meta.env`. In tests, callers can pass a mock\n * environment object to control the values without complex mocking.\n *\n * @example Production usage\n * ```ts\n * const env = getEnvVars()\n * console.log(env.AUTH_SECRET)\n * ```\n *\n * @example Test usage\n * ```ts\n * const env = getEnvVars({ AUTH_SECRET: 'test-secret' })\n * ```\n */\nconst getEnvVars = (envOverride?: AuthEnvVars): AuthEnvVars => {\n  if (envOverride) {\n    return envOverride;\n  } else if (\n    typeof import.meta !== 'undefined' &&\n    (import.meta as { env: Record<string, string | undefined> }).env\n  ) {\n    const env = (import.meta as { env: Record<string, string | undefined> })\n      .env;\n    return {\n      AUTH_SECRET: env.AUTH_SECRET,\n      AUTH_TRUST_HOST: env.AUTH_TRUST_HOST,\n      VERCEL: env.VERCEL,\n      CF_PAGES: env.CF_PAGES,\n      NODE_ENV: env.NODE_ENV,\n    };\n  } else {\n    return {\n      AUTH_SECRET: undefined,\n      AUTH_TRUST_HOST: undefined,\n      VERCEL: undefined,\n      CF_PAGES: undefined,\n      NODE_ENV: undefined,\n    };\n  }\n};\n\n/**\n * Parses a string value as a boolean.\n *\n * Only treats explicit truthy values as true: \"1\", \"true\", \"yes\", \"on\" (case-insensitive).\n * All other values including \"0\", \"false\", undefined, etc. return false.\n *\n * @param value - The string value to parse\n * @returns true if the value is explicitly truthy, false otherwise\n *\n * @internal\n */\nconst parseBool = (value?: string): boolean => {\n  if (!value) {\n    return false;\n  } else {\n    return /^(1|true|yes|on)$/i.test(value);\n  }\n};\n\n/**\n * Helper function to define authentication configuration with type safety.\n *\n * This function applies default values and reads environment variables to\n * provide a complete configuration object. Environment variables are only\n * used as fallbacks when values are not explicitly provided in the config.\n *\n * Environment variables read (in order of precedence for `trustHost`):\n * - `config.trustHost`: Explicit config value (highest priority)\n * - `AUTH_TRUST_HOST`: Whether to trust the X-Forwarded-Host header (\"1\"/\"true\"/\"yes\"/\"on\")\n * - `VERCEL`: Automatically set by Vercel (any truthy value enables trustHost)\n * - `CF_PAGES`: Automatically set by Cloudflare Pages (any truthy value enables trustHost)\n * - `NODE_ENV`: Node environment (trustHost enabled if not 'production')\n *\n * For `secret`:\n * - `config.secret`: Explicit config value (highest priority)\n * - `AUTH_SECRET`: Environment variable fallback\n *\n * @param config - Authentication configuration object\n * @param envOverride - Optional environment variables for testing\n * @returns Configuration with defaults applied\n *\n * @example\n * ```ts\n * import { defineConfig } from 'astro-auth'\n * import GitHub from '@auth/core/providers/github'\n *\n * export default defineConfig({\n *   providers: [\n *     GitHub({\n *       clientId: process.env.GITHUB_ID,\n *       clientSecret: process.env.GITHUB_SECRET\n *     })\n *   ],\n *   secret: process.env.AUTH_SECRET\n * })\n * ```\n *\n * @public\n */\nexport const defineConfig = (\n  config: Readonly<FullAuthConfig>,\n  envOverride?: AuthEnvVars,\n): FullAuthConfig => {\n  const { AUTH_SECRET, AUTH_TRUST_HOST, VERCEL, CF_PAGES, NODE_ENV } =\n    getEnvVars(envOverride);\n\n  const prefix =\n    typeof config.prefix === 'string' && config.prefix.length > 0\n      ? config.prefix\n      : '/api/auth';\n  const secret =\n    typeof config.secret === 'string' && config.secret.length > 0\n      ? config.secret\n      : AUTH_SECRET;\n\n  const hasExplicitTrustHost = Object.prototype.hasOwnProperty.call(\n    config,\n    'trustHost',\n  );\n  let trustHost: boolean;\n  if (hasExplicitTrustHost) {\n    trustHost = Boolean((config as { trustHost?: unknown }).trustHost);\n  } else if (parseBool(AUTH_TRUST_HOST)) {\n    trustHost = true;\n  } else if (parseBool(VERCEL)) {\n    trustHost = true;\n  } else if (parseBool(CF_PAGES)) {\n    trustHost = true;\n  } else {\n    trustHost = NODE_ENV !== 'production';\n  }\n\n  return {\n    ...config,\n    prefix,\n    basePath: prefix,\n    secret,\n    trustHost,\n  };\n};\n\n/**\n * Creates a Vite virtual module plugin for auth configuration.\n *\n * Allows importing user configuration via the `auth:config` virtual module\n * regardless of the actual file location specified in the integration\n * configuration.\n *\n * @param configFile - Path to the configuration file\n * @returns Vite plugin for handling the virtual module\n *\n * @internal\n */\nexport const virtualConfigModule = (\n  configFile: string = './auth.config',\n): PluginOption => {\n  const virtualModuleId = 'auth:config';\n  const resolvedId = '\\0' + virtualModuleId;\n\n  const resolveConfig = async function (\n    this: PluginContext,\n  ): Promise<string | null> {\n    const r = await this.resolve(configFile);\n    if (r && r.id) {\n      return r.id;\n    } else {\n      return null;\n    }\n  };\n\n  return {\n    name: 'astro-auth-config',\n    enforce: 'pre',\n    resolveId: (id) => {\n      if (id === virtualModuleId) {\n        return resolvedId;\n      } else {\n        return undefined;\n      }\n    },\n    load: async function (id) {\n      if (id === resolvedId) {\n        const cfg = await resolveConfig.call(this);\n        if (!cfg) {\n          throw new Error(`[astro-auth] Cannot resolve ${configFile}`);\n        } else {\n          return `export { default as default } from ${JSON.stringify(cfg)};`;\n        }\n      } else {\n        return undefined;\n      }\n    },\n    buildStart: async function () {\n      const cfg = await resolveConfig.call(this);\n      if (cfg) {\n        this.addWatchFile(cfg);\n      }\n    },\n    handleHotUpdate: async function (ctx) {\n      const resolved = await ctx.server.pluginContainer.resolveId(configFile);\n      const configPath = resolved && resolved.id ? resolved.id : null;\n      if (configPath && ctx.file === configPath) {\n        const mod = ctx.server.moduleGraph.getModuleById(resolvedId);\n        if (mod) {\n          ctx.server.moduleGraph.invalidateModule(mod);\n        }\n        return [ctx.server.moduleGraph.getModuleById(configPath)!].filter(\n          Boolean,\n        );\n      } else {\n        return undefined;\n      }\n    },\n  };\n};\n","import type { AstroIntegration } from 'astro';\nimport { type AstroIntegrationOptions, virtualConfigModule } from './config.js';\nimport { fileURLToPath } from 'node:url';\n\n/**\n * Creates an Astro integration for authentication using Auth.js.\n *\n * This integration handles:\n * - Virtual module configuration for auth settings\n * - Automatic route injection for authentication endpoints\n * - Vite configuration for proper module resolution\n *\n * @param config - Configuration options for the integration\n * @returns Configured Astro integration\n * @throws {Error} When no adapter is configured (server-side rendering is required).\n *\n * @remarks\n * This integration requires server-side rendering. Ensure you have\n * configured an Astro adapter (e.g., `@astrojs/node`, `@astrojs/vercel`)\n * in your Astro config.\n *\n * @public\n */\nexport default (config: AstroIntegrationOptions = {}): AstroIntegration => ({\n  name: 'astro-auth',\n  hooks: {\n    'astro:config:setup': async ({\n      config: astroConfig,\n      injectRoute,\n      updateConfig,\n    }) => {\n      updateConfig({\n        vite: {\n          plugins: [virtualConfigModule(config.configFile)],\n          // IMPORTANT: never pre-bundle the virtual module\n          optimizeDeps: { exclude: ['auth:config'] },\n        },\n      });\n\n      config.prefix ??= '/api/auth';\n\n      if (config.injectEndpoints !== false) {\n        const entrypoint = fileURLToPath(\n          new URL('./api/[...auth].js', import.meta.url),\n        );\n        injectRoute({ pattern: `${config.prefix}/[...auth]`, entrypoint });\n      }\n\n      if (!astroConfig.adapter) {\n        throw new Error(\n          'No adapter found. Authentication requires server-side rendering. Please add an adapter to your Astro config.',\n        );\n      }\n    },\n  },\n});\n"],"mappings":";AAoGA,IAAM,aAAa,CAAC,gBAA2C;AAC7D,MAAI,aAAa;AACf,WAAO;AAAA,EACT,WACE,OAAO,gBAAgB,eACtB,YAA4D,KAC7D;AACA,UAAM,MAAO,YACV;AACH,WAAO;AAAA,MACL,aAAa,IAAI;AAAA,MACjB,iBAAiB,IAAI;AAAA,MACrB,QAAQ,IAAI;AAAA,MACZ,UAAU,IAAI;AAAA,MACd,UAAU,IAAI;AAAA,IAChB;AAAA,EACF,OAAO;AACL,WAAO;AAAA,MACL,aAAa;AAAA,MACb,iBAAiB;AAAA,MACjB,QAAQ;AAAA,MACR,UAAU;AAAA,MACV,UAAU;AAAA,IACZ;AAAA,EACF;AACF;AAaA,IAAM,YAAY,CAAC,UAA4B;AAC7C,MAAI,CAAC,OAAO;AACV,WAAO;AAAA,EACT,OAAO;AACL,WAAO,qBAAqB,KAAK,KAAK;AAAA,EACxC;AACF;AA0CO,IAAM,eAAe,CAC1B,QACA,gBACmB;AACnB,QAAM,EAAE,aAAa,iBAAiB,QAAQ,UAAU,SAAS,IAC/D,WAAW,WAAW;AAExB,QAAM,SACJ,OAAO,OAAO,WAAW,YAAY,OAAO,OAAO,SAAS,IACxD,OAAO,SACP;AACN,QAAM,SACJ,OAAO,OAAO,WAAW,YAAY,OAAO,OAAO,SAAS,IACxD,OAAO,SACP;AAEN,QAAM,uBAAuB,OAAO,UAAU,eAAe;AAAA,IAC3D;AAAA,IACA;AAAA,EACF;AACA,MAAI;AACJ,MAAI,sBAAsB;AACxB,gBAAY,QAAS,OAAmC,SAAS;AAAA,EACnE,WAAW,UAAU,eAAe,GAAG;AACrC,gBAAY;AAAA,EACd,WAAW,UAAU,MAAM,GAAG;AAC5B,gBAAY;AAAA,EACd,WAAW,UAAU,QAAQ,GAAG;AAC9B,gBAAY;AAAA,EACd,OAAO;AACL,gBAAY,aAAa;AAAA,EAC3B;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA,UAAU;AAAA,IACV;AAAA,IACA;AAAA,EACF;AACF;AAcO,IAAM,sBAAsB,CACjC,aAAqB,oBACJ;AACjB,QAAM,kBAAkB;AACxB,QAAM,aAAa,OAAO;AAE1B,QAAM,gBAAgB,iBAEI;AACxB,UAAM,IAAI,MAAM,KAAK,QAAQ,UAAU;AACvC,QAAI,KAAK,EAAE,IAAI;AACb,aAAO,EAAE;AAAA,IACX,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT,WAAW,CAAC,OAAO;AACjB,UAAI,OAAO,iBAAiB;AAC1B,eAAO;AAAA,MACT,OAAO;AACL,eAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,MAAM,eAAgB,IAAI;AACxB,UAAI,OAAO,YAAY;AACrB,cAAM,MAAM,MAAM,cAAc,KAAK,IAAI;AACzC,YAAI,CAAC,KAAK;AACR,gBAAM,IAAI,MAAM,+BAA+B,UAAU,EAAE;AAAA,QAC7D,OAAO;AACL,iBAAO,sCAAsC,KAAK,UAAU,GAAG,CAAC;AAAA,QAClE;AAAA,MACF,OAAO;AACL,eAAO;AAAA,MACT;AAAA,IACF;AAAA,IACA,YAAY,iBAAkB;AAC5B,YAAM,MAAM,MAAM,cAAc,KAAK,IAAI;AACzC,UAAI,KAAK;AACP,aAAK,aAAa,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,IACA,iBAAiB,eAAgB,KAAK;AACpC,YAAM,WAAW,MAAM,IAAI,OAAO,gBAAgB,UAAU,UAAU;AACtE,YAAM,aAAa,YAAY,SAAS,KAAK,SAAS,KAAK;AAC3D,UAAI,cAAc,IAAI,SAAS,YAAY;AACzC,cAAM,MAAM,IAAI,OAAO,YAAY,cAAc,UAAU;AAC3D,YAAI,KAAK;AACP,cAAI,OAAO,YAAY,iBAAiB,GAAG;AAAA,QAC7C;AACA,eAAO,CAAC,IAAI,OAAO,YAAY,cAAc,UAAU,CAAE,EAAE;AAAA,UACzD;AAAA,QACF;AAAA,MACF,OAAO;AACL,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACF;;;AC3SA,SAAS,qBAAqB;AAqB9B,IAAO,sBAAQ,CAAC,SAAkC,CAAC,OAAyB;AAAA,EAC1E,MAAM;AAAA,EACN,OAAO;AAAA,IACL,sBAAsB,OAAO;AAAA,MAC3B,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACF,MAAM;AACJ,mBAAa;AAAA,QACX,MAAM;AAAA,UACJ,SAAS,CAAC,oBAAoB,OAAO,UAAU,CAAC;AAAA;AAAA,UAEhD,cAAc,EAAE,SAAS,CAAC,aAAa,EAAE;AAAA,QAC3C;AAAA,MACF,CAAC;AAED,aAAO,WAAW;AAElB,UAAI,OAAO,oBAAoB,OAAO;AACpC,cAAM,aAAa;AAAA,UACjB,IAAI,IAAI,sBAAsB,YAAY,GAAG;AAAA,QAC/C;AACA,oBAAY,EAAE,SAAS,GAAG,OAAO,MAAM,cAAc,WAAW,CAAC;AAAA,MACnE;AAEA,UAAI,CAAC,YAAY,SAAS;AACxB,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/server.d.ts

@@ -0,0 +1,50 @@
+import { F as FullAuthConfig } from './config-lAdfi49m.js';
+import { APIContext } from 'astro';
+import { b as AstroAuthConfig } from './types-Bvas30QH.js';
+import { Session } from '@auth/core/types';
+
+/**
+ * Creates a set of Astro endpoints for authentication.
+ *
+ * @param options - The configuration for authentication providers and other options.
+ * @returns An object with `GET` and `POST` methods that can be exported in an Astro endpoint.
+ * @throws {Error} When auth configuration is not found or not properly configured.
+ *
+ * @example
+ * ```ts
+ * export const { GET, POST } = AstroAuth({
+ *   providers: [
+ *     GitHub({
+ *       clientId: process.env.GITHUB_ID!,
+ *       clientSecret: process.env.GITHUB_SECRET!,
+ *     }),
+ *   ],
+ *   debug: false,
+ * })
+ * ```
+ */
+declare function AstroAuth(options?: FullAuthConfig): {
+    GET(context: APIContext): Promise<Response>;
+    POST(context: APIContext): Promise<Response>;
+};
+/**
+ * Retrieves the current session for a Request.
+ *
+ * This function extracts session information from the request cookies and
+ * validates it against the Auth.js configuration. It returns the session
+ * object if valid or null if no valid session exists.
+ *
+ * @param req - The Request object
+ * @param config - The authentication configuration
+ * @returns Promise resolving to session data or null
+ * @throws {Error} When session validation fails or Auth.js returns an error
+ *
+ * @example
+ * ```ts
+ * const session = await getSession(request, authConfig)
+ * if (!session) throw new Error ("Not authenticated")
+ * ```
+ */
+declare function getSession(req: Request, config: AstroAuthConfig): Promise<Session | null>;
+
+export { AstroAuth, getSession };

package/dist/server.js

@@ -0,0 +1,84 @@
+// src/server.ts
+import { Auth, createActionURL, setEnvDefaults } from "@auth/core";
+import authConfig from "auth:config";
+function AstroAuthHandler(prefix, options = authConfig) {
+  const normalizedPrefix = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+  return async ({ request }) => {
+    const url = new URL(request.url);
+    if (!url.pathname.startsWith(normalizedPrefix + "/")) {
+      return;
+    }
+    return await Auth(request, options);
+  };
+}
+function AstroAuth(options = authConfig) {
+  const config = options ?? authConfig;
+  if (!config) {
+    throw new Error(
+      "Auth configuration not found. Please ensure auth.config is properly configured."
+    );
+  }
+  const { prefix = "/api/auth", ...authOptions } = config;
+  const handler = AstroAuthHandler(prefix, authOptions);
+  return {
+    async GET(context) {
+      return await handler(context);
+    },
+    async POST(context) {
+      return await handler(context);
+    }
+  };
+}
+async function getSession(req, config) {
+  setEnvDefaults(process.env, config);
+  const url = createActionURL(
+    "session",
+    new URL(req.url).protocol.replace(":", ""),
+    new Headers(req.headers),
+    process.env,
+    config
+  );
+  const headers = new Headers(req.headers);
+  const response = await Auth(
+    new Request(url, {
+      headers
+    }),
+    config
+  );
+  const status = response.status ?? 200;
+  const data = await response.json();
+  if (!data || !Object.keys(data).length) {
+    return null;
+  } else {
+    const astroGlobal = globalThis;
+    const target = astroGlobal.Astro && astroGlobal.Astro.response ? astroGlobal.Astro.response.headers : void 0;
+    if (target) {
+      const h = response.headers;
+      if (h && typeof h.getSetCookie === "function") {
+        const cookies = h.getSetCookie();
+        if (Array.isArray(cookies)) {
+          for (const c of cookies) {
+            target.append("Set-Cookie", c);
+          }
+        }
+      } else {
+        const single = response.headers.get("set-cookie");
+        if (single) {
+          target.append("Set-Cookie", single);
+        }
+      }
+    }
+    if (status === 200) {
+      return data;
+    } else {
+      throw new Error(
+        `[astro-auth] getSession failed: ${status} ${JSON.stringify(data)}`
+      );
+    }
+  }
+}
+export {
+  AstroAuth,
+  getSession
+};
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server.ts"],"sourcesContent":["/**\n * > **caution**\n * > `astro-auth` is currently experimental. Be aware of breaking changes between versions.\n *\n *\n * Astro Auth is the unofficial Astro integration for Auth.js.\n * It provides a simple way to add authentication to your Astro site in a few lines of code.\n *\n * ## Installation\n *\n * `astro-auth` requires building your site in `server` mode with a platform adaper like `@astrojs/node`.\n * ```js\n * // astro.config.mjs\n * export default defineConfig({\n *   output: \"server\",\n *   adapter: node({\n *     mode: 'standalone'\n *   })\n * });\n * ```\n *\n * ```bash npm2yarn2pnpm\n * npm install @auth/core @zitadel/astro-auth\n * ```\n */\nimport { Auth, createActionURL, setEnvDefaults } from '@auth/core';\nimport type { APIContext } from 'astro';\nimport authConfig from 'auth:config';\nimport type { AstroAuthConfig } from './types.js';\nimport type { Session } from '@auth/core/types';\n\nfunction AstroAuthHandler(prefix: string, options = authConfig) {\n  const normalizedPrefix = prefix.endsWith('/') ? prefix.slice(0, -1) : prefix;\n  return async ({ request }: APIContext) => {\n    const url = new URL(request.url);\n    // Only handle requests that match our prefix path\n    // Non-matching paths return undefined because this handler is mounted as [...auth]\n    if (!url.pathname.startsWith(normalizedPrefix + '/')) {\n      return;\n    }\n\n    return await Auth(request, options);\n  };\n}\n\n/**\n * Creates a set of Astro endpoints for authentication.\n *\n * @param options - The configuration for authentication providers and other options.\n * @returns An object with `GET` and `POST` methods that can be exported in an Astro endpoint.\n * @throws {Error} When auth configuration is not found or not properly configured.\n *\n * @example\n * ```ts\n * export const { GET, POST } = AstroAuth({\n *   providers: [\n *     GitHub({\n *       clientId: process.env.GITHUB_ID!,\n *       clientSecret: process.env.GITHUB_SECRET!,\n *     }),\n *   ],\n *   debug: false,\n * })\n * ```\n */\nexport function AstroAuth(options = authConfig) {\n  const config = options ?? authConfig;\n  if (!config) {\n    throw new Error(\n      'Auth configuration not found. Please ensure auth.config is properly configured.',\n    );\n  }\n  const { prefix = '/api/auth', ...authOptions } = config;\n\n  const handler = AstroAuthHandler(prefix, authOptions);\n  return {\n    async GET(context: APIContext) {\n      return await handler(context);\n    },\n    async POST(context: APIContext) {\n      return await handler(context);\n    },\n  };\n}\n\n/**\n * Retrieves the current session for a Request.\n *\n * This function extracts session information from the request cookies and\n * validates it against the Auth.js configuration. It returns the session\n * object if valid or null if no valid session exists.\n *\n * @param req - The Request object\n * @param config - The authentication configuration\n * @returns Promise resolving to session data or null\n * @throws {Error} When session validation fails or Auth.js returns an error\n *\n * @example\n * ```ts\n * const session = await getSession(request, authConfig)\n * if (!session) throw new Error (\"Not authenticated\")\n * ```\n */\nexport async function getSession(\n  req: Request,\n  config: AstroAuthConfig,\n): Promise<Session | null> {\n  setEnvDefaults(process.env, config);\n  const url = createActionURL(\n    'session',\n    new URL(req.url).protocol.replace(':', ''),\n    new Headers(req.headers),\n    process.env,\n    config,\n  );\n  const headers = new Headers(req.headers);\n  const response = await Auth(\n    new Request(url, {\n      headers,\n    }),\n    config,\n  );\n  const status = response.status ?? 200;\n  const data = await response.json();\n  if (!data || !Object.keys(data).length) {\n    return null;\n  } else {\n    const astroGlobal = globalThis as unknown as {\n      Astro?: { response?: { headers?: Headers } };\n    };\n    const target =\n      astroGlobal.Astro && astroGlobal.Astro.response\n        ? astroGlobal.Astro.response.headers\n        : undefined;\n    if (target) {\n      const h = response.headers as unknown as {\n        getSetCookie?: () => string[];\n      };\n      if (h && typeof h.getSetCookie === 'function') {\n        const cookies = h.getSetCookie();\n        if (Array.isArray(cookies)) {\n          for (const c of cookies) {\n            target.append('Set-Cookie', c);\n          }\n        }\n      } else {\n        const single = response.headers.get('set-cookie');\n        if (single) {\n          target.append('Set-Cookie', single);\n        }\n      }\n    }\n    if (status === 200) {\n      return data as Session;\n    } else {\n      throw new Error(\n        `[astro-auth] getSession failed: ${status} ${JSON.stringify(data)}`,\n      );\n    }\n  }\n}\n"],"mappings":";AAyBA,SAAS,MAAM,iBAAiB,sBAAsB;AAEtD,OAAO,gBAAgB;AAIvB,SAAS,iBAAiB,QAAgB,UAAU,YAAY;AAC9D,QAAM,mBAAmB,OAAO,SAAS,GAAG,IAAI,OAAO,MAAM,GAAG,EAAE,IAAI;AACtE,SAAO,OAAO,EAAE,QAAQ,MAAkB;AACxC,UAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAG/B,QAAI,CAAC,IAAI,SAAS,WAAW,mBAAmB,GAAG,GAAG;AACpD;AAAA,IACF;AAEA,WAAO,MAAM,KAAK,SAAS,OAAO;AAAA,EACpC;AACF;AAsBO,SAAS,UAAU,UAAU,YAAY;AAC9C,QAAM,SAAS,WAAW;AAC1B,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,EAAE,SAAS,aAAa,GAAG,YAAY,IAAI;AAEjD,QAAM,UAAU,iBAAiB,QAAQ,WAAW;AACpD,SAAO;AAAA,IACL,MAAM,IAAI,SAAqB;AAC7B,aAAO,MAAM,QAAQ,OAAO;AAAA,IAC9B;AAAA,IACA,MAAM,KAAK,SAAqB;AAC9B,aAAO,MAAM,QAAQ,OAAO;AAAA,IAC9B;AAAA,EACF;AACF;AAoBA,eAAsB,WACpB,KACA,QACyB;AACzB,iBAAe,QAAQ,KAAK,MAAM;AAClC,QAAM,MAAM;AAAA,IACV;AAAA,IACA,IAAI,IAAI,IAAI,GAAG,EAAE,SAAS,QAAQ,KAAK,EAAE;AAAA,IACzC,IAAI,QAAQ,IAAI,OAAO;AAAA,IACvB,QAAQ;AAAA,IACR;AAAA,EACF;AACA,QAAM,UAAU,IAAI,QAAQ,IAAI,OAAO;AACvC,QAAM,WAAW,MAAM;AAAA,IACrB,IAAI,QAAQ,KAAK;AAAA,MACf;AAAA,IACF,CAAC;AAAA,IACD;AAAA,EACF;AACA,QAAM,SAAS,SAAS,UAAU;AAClC,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,MAAI,CAAC,QAAQ,CAAC,OAAO,KAAK,IAAI,EAAE,QAAQ;AACtC,WAAO;AAAA,EACT,OAAO;AACL,UAAM,cAAc;AAGpB,UAAM,SACJ,YAAY,SAAS,YAAY,MAAM,WACnC,YAAY,MAAM,SAAS,UAC3B;AACN,QAAI,QAAQ;AACV,YAAM,IAAI,SAAS;AAGnB,UAAI,KAAK,OAAO,EAAE,iBAAiB,YAAY;AAC7C,cAAM,UAAU,EAAE,aAAa;AAC/B,YAAI,MAAM,QAAQ,OAAO,GAAG;AAC1B,qBAAW,KAAK,SAAS;AACvB,mBAAO,OAAO,cAAc,CAAC;AAAA,UAC/B;AAAA,QACF;AAAA,MACF,OAAO;AACL,cAAM,SAAS,SAAS,QAAQ,IAAI,YAAY;AAChD,YAAI,QAAQ;AACV,iBAAO,OAAO,cAAc,MAAM;AAAA,QACpC;AAAA,MACF;AAAA,IACF;AACA,QAAI,WAAW,KAAK;AAClB,aAAO;AAAA,IACT,OAAO;AACL,YAAM,IAAI;AAAA,QACR,mCAAmC,MAAM,IAAI,KAAK,UAAU,IAAI,CAAC;AAAA,MACnE;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/types-Bvas30QH.d.ts

@@ -0,0 +1,66 @@
+import { AuthConfig } from '@auth/core/types';
+
+/**
+ * Utility type for string literals with autocomplete support.
+ *
+ * @internal
+ */
+type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
+/**
+ * Options for the sign-in flow.
+ *
+ * @public
+ */
+interface SignInOptions {
+    /** URL to redirect to after successful sign-in */
+    callbackUrl?: string;
+    /** Whether to redirect after sign-in */
+    redirect?: boolean;
+}
+/**
+ * Authorization parameters passed to the OAuth provider.
+ *
+ * @public
+ */
+interface SignInAuthorizationParams {
+    [key: string]: string;
+}
+/**
+ * Astro-specific sign-in options extending base options.
+ *
+ * @public
+ */
+interface AstroSignInOptions extends SignInOptions {
+    /** Custom auth endpoint prefix */
+    prefix?: string;
+}
+/**
+ * Options for the sign-out flow.
+ *
+ * @public
+ */
+interface SignOutParams {
+    /** URL to redirect to after sign-out */
+    callbackUrl?: string;
+    /** Whether to redirect after sign-out */
+    redirect?: boolean;
+}
+/**
+ * Astro-specific sign-out options extending base options.
+ *
+ * @public
+ */
+interface AstroSignOutParams extends SignOutParams {
+    /** Custom auth endpoint prefix */
+    prefix?: string;
+}
+/**
+ * Authentication configuration for Astro integration.
+ *
+ * Excludes internal Auth.js properties not relevant to Astro usage.
+ *
+ * @public
+ */
+type AstroAuthConfig = Omit<AuthConfig, 'raw'>;
+
+export type { AstroSignInOptions as A, LiteralUnion as L, SignInAuthorizationParams as S, AstroSignOutParams as a, AstroAuthConfig as b };

package/package.json

@@ -0,0 +1,107 @@
+{
+  "name": "@zitadel/astro-auth",
+  "description": "A comprehensive Auth.js integration for Astro applications with TypeScript support, framework-agnostic HTTP adapters, and role-based access control",
+  "version": "1.2.0",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./client": {
+      "types": "./dist/client.d.ts",
+      "import": "./dist/client.js"
+    },
+    "./server": {
+      "types": "./dist/server.d.ts",
+      "import": "./dist/server.js"
+    },
+    "./components": {
+      "types": "./dist/components/index.d.ts",
+      "import": "./dist/components/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/zitadel/astro-auth.git"
+  },
+  "author": {
+    "name": "Mridang Agarwalla",
+    "email": "mridang@zitadel.com",
+    "url": "https://github.com/zitadel"
+  },
+  "scripts": {
+    "prepack": "tsc",
+    "prepare": "npm run build",
+    "build": "tsup",
+    "test": "jest --verbose --config=jest.config.mjs --runInBand",
+    "test:watch": "npm run test -- --watch",
+    "test:debug": "jest --verbose --config=jest.config.mjs --runInBand --detectOpenHandles",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "lint": "npx eslint .",
+    "lint:fix": "npx eslint . --fix",
+    "depcheck": "npx knip"
+  },
+  "peerDependencies": {
+    "@auth/core": ">=0.40.0",
+    "astro": ">=5.0.0"
+  },
+  "devDependencies": {
+    "@auth/core": "^0.40.0",
+    "@jest/globals": "^30.0.5",
+    "@mridang/eslint-defaults": "^1.5.0",
+    "@semantic-release/commit-analyzer": "^13.0.1",
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.0",
+    "@semantic-release/npm": "^13.1.1",
+    "@semantic-release/release-notes-generator": "^14.1.0",
+    "@types/jest": "^30.0.0",
+    "@types/node": "^22.18.13",
+    "astro": "^5.0.0",
+    "eslint": "9.32.0",
+    "eslint-plugin-astro": "^1.4.0",
+    "jest": "30.0.5",
+    "jest-environment-jsdom": "^30.2.0",
+    "jest-fetch-mock": "^3.0.3",
+    "jest-junit": "^16.0.0",
+    "knip": "^5.66.4",
+    "prettier": "3.6.2",
+    "prettier-plugin-astro": "^0.14.1",
+    "rollup": "^4.52.5",
+    "semantic-release": "^25.0.1",
+    "ts-jest": "29.4.0",
+    "tsup": "^8.5.0",
+    "typescript": "^5.9.3"
+  },
+  "keywords": [
+    "astro",
+    "auth",
+    "authentication",
+    "integration",
+    "@auth",
+    "@auth/core",
+    "authjs",
+    "jwt",
+    "oauth",
+    "astro-auth",
+    "astro-integration",
+    "astro-component",
+    "withastro"
+  ],
+  "private": false,
+  "homepage": "https://github.com/zitadel/astro-auth",
+  "bugs": "https://github.com/zitadel/astro-auth/issues",
+  "publishConfig": {
+    "access": "public"
+  }
+}