authhero 0.0.1 → 0.2.0

package/CHANGELOG.md

@@ -0,0 +1,13 @@
+# authhero
+
+## 0.2.0
+
+### Minor Changes
+
+- Update the package to support both esm and cjs
+
+## 0.1.0
+
+### Minor Changes
+
+- a1212dc: Added a jwks route with mock data

package/README.md

@@ -5,5 +5,5 @@ An open-source auth library for building a drop-in replacement for Auth0.
 Setup a new project with Authhero in 5 minutes or less:
 
 ```bash
-npx create-authhero
+npx create authhero
 ```

package/package.json

@@ -1,7 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.0.1",
-  "type": "module",
+  "version": "0.2.0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
@@ -18,6 +17,7 @@
     "hono": "^4.4.10"
   },
   "scripts": {
+    "dev": "bun --watch src/bun.ts",
     "build": "vite build",
     "start": "pnpm build && node dist/index.js"
   }

package/src/bun.ts

@@ -0,0 +1,16 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { Bindings } from "./types/Bindings";
+import { Context } from "hono";
+import { init } from "./";
+
+const app = new OpenAPIHono<{ Bindings: Bindings }>();
+
+const authhero = init();
+
+app.get("/test", (ctx: Context) => {
+  return ctx.text("Hello, world!");
+});
+
+app.route("/", authhero);
+
+export default app;

package/src/index.ts

@@ -1,13 +1,34 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
 import { Context } from "hono";
-import { Bindings } from "./types/Bindings";
+import { Bindings, Variables } from "./types";
+import { wellKnownRoutes } from "./routes/oauth2";
 
 export interface AuthHeroConfig {}
 
 export function init() {
-  const app = new OpenAPIHono<{ Bindings: Bindings }>();
+  const rootApp = new OpenAPIHono<{ Bindings: Bindings }>();
 
-  app.get("/test", (ctx: Context) => {
-    return ctx.text("Hello, world!");
+  rootApp.get("/", (ctx: Context) => {
+    return ctx.text("Hello, authhero!");
   });
+
+  /**
+   * The oauth routes
+   */
+  const oauthApp = new OpenAPIHono<{
+    Bindings: Bindings;
+    Variables: Variables;
+  }>().route("/.well-known", wellKnownRoutes);
+
+  oauthApp.doc("/spec", {
+    openapi: "3.0.0",
+    info: {
+      version: "1.0.0",
+      title: "Oauth endpoints",
+    },
+  });
+
+  rootApp.route("/", oauthApp);
+
+  return rootApp;
 }

package/src/routes/oauth2/index.ts

@@ -0,0 +1 @@
+export * from "./well-known";

package/src/routes/oauth2/well-known.ts

@@ -0,0 +1,179 @@
+import {
+  Bindings,
+  jwksKeySchema,
+  // jwksSchema,
+  openIDConfigurationSchema,
+} from "../../types";
+import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
+
+export const wellKnownRoutes = new OpenAPIHono<{ Bindings: Bindings }>()
+  // --------------------------------
+  // GET /.well-known/jwks.json
+  // --------------------------------
+  .openapi(
+    createRoute({
+      tags: ["jwks"],
+      method: "get",
+      path: "/jwks.json",
+      request: {},
+      responses: {
+        200: {
+          content: {
+            "application/json": {
+              schema: jwksKeySchema,
+            },
+          },
+          description: "List of tenants",
+        },
+      },
+    }),
+    async (ctx) => {
+      const { env } = ctx;
+
+      // const certificates = await env.data.keys.list();
+      // const keys = certificates.map((cert) => {
+      //   const { alg, n, e, kty } = JSON.parse(cert.public_key);
+      //   if (!alg || !e || !kty || !n) {
+      //     throw new Error("Invalid public key");
+      //   }
+
+      //   return jwksSchema.parse({
+      //     kid: cert.kid,
+      //     alg,
+      //     n,
+      //     e,
+      //     kty,
+      //   });
+      // });
+
+      // TODO: This is a stub implementation. Replace with the actual implementation
+      const keys = [
+        {
+          alg: "RS256",
+          e: "AQAB",
+          kid: "hZ42TWGWLdmyKfwGVA6c2",
+          kty: "RSA",
+          n: "nUd-mktFZQNfVwmXufxcVcvJo6Lkb-jDuymtfQunmEhWCctOccWx9e7LX7_9uN15ZnRS7XJInPMRs9KLYdZ0GCnE2HM_QbrEoHpdkCRgyTE-KzmoaEv_AOVGE_Kg0-0ct3r9Z7aJLDVAsxXl1C9y8Gr7ZYkq0c4DyZr9VT8nQiwZQERbfxXdXw-5RLj21S_Lm-LL-AjKvry_TDBLpfUFJV18SVsM07lY_V45TwykNewRdaGLspFIeGdG5j5eByV8ifzBqvzOSptSCsmOTtW-ceWUk0FPD7g_KKzjjbzenoB0TC8mBb_4vWZlHnuGIAs2YoTFglp9uNu7t_OVl3Svo6ZE6alzUnaNfZNeAi78KPHYQ4tDWPjpYNfGynsiD0nojkDSPCIak56jWNYjj614cPEBiv9MVQRiSbBxpiGhMoHlW_QCCPMcXygLAaRs_tUksqoH4QB80krifG2yHPgGDPjXK1_0cYzV80iOcQIeoceqhkSSc6YxzzgDrQcsV2k3bizRQSL83GWkpdHhTZn-Q_JzsW_bDY_f9fjigYbRnoDSgS7038VFIPc92StE41MdgvIQMomcyEE4lYK1uv1Mo6cnXbCZhm8tvddo7VKNorOB4nsiv8DGrWPlzQBca9VN4C1oE2mH-3WLFR7XEkBHWVouOdTWM2S3K9F10YtahkM",
+        },
+      ];
+
+      return ctx.json(
+        { keys },
+        {
+          headers: {
+            "access-control-allow-origin": "*",
+            "access-control-allow-method": "GET",
+            "cache-control": `public, max-age=${env.JWKS_CACHE_TIMEOUT_IN_SECONDS}, stale-while-revalidate=${
+              env.JWKS_CACHE_TIMEOUT_IN_SECONDS * 2
+            }, stale-if-error=86400`,
+          },
+        },
+      );
+    },
+  )
+  // --------------------------------
+  // GET /.well-known/openid-configuration
+  // --------------------------------
+  .openapi(
+    createRoute({
+      tags: ["well known"],
+      method: "get",
+      path: "/openid-configuration",
+      request: {},
+      responses: {
+        200: {
+          content: {
+            "application/json": {
+              schema: openIDConfigurationSchema,
+            },
+          },
+          description: "List of tenants",
+        },
+      },
+    }),
+    async (ctx) => {
+      const { env } = ctx;
+      const { ISSUER } = env;
+
+      const result = openIDConfigurationSchema.parse({
+        issuer: ISSUER,
+        authorization_endpoint: `${ISSUER}authorize`,
+        token_endpoint: `${ISSUER}oauth/token`,
+        device_authorization_endpoint: `${ISSUER}oauth/device/code`,
+        userinfo_endpoint: `${ISSUER}userinfo`,
+        mfa_challenge_endpoint: `${ISSUER}mfa/challenge`,
+        jwks_uri: `${ISSUER}.well-known/jwks.json`,
+        registration_endpoint: `${ISSUER}oidc/register`,
+        revocation_endpoint: `${ISSUER}oauth/revoke`,
+        scopes_supported: [
+          "openid",
+          "profile",
+          "offline_access",
+          "name",
+          "given_name",
+          "family_name",
+          "nickname",
+          "email",
+          "email_verified",
+          "picture",
+          "created_at",
+          "identities",
+          "phone",
+          "address",
+        ],
+        response_types_supported: [
+          "code",
+          "token",
+          "id_token",
+          "code token",
+          "code id_token",
+          "token id_token",
+          "code token id_token",
+        ],
+        code_challenge_methods_supported: ["S256", "plain"],
+        response_modes_supported: ["query", "fragment", "form_post"],
+        subject_types_supported: ["public"],
+        id_token_signing_alg_values_supported: ["HS256", "RS256"],
+        token_endpoint_auth_methods_supported: [
+          "client_secret_basic",
+          "client_secret_post",
+          "private_key_jwt",
+        ],
+        claims_supported: [
+          "aud",
+          "auth_time",
+          "created_at",
+          "email",
+          "email_verified",
+          "exp",
+          "family_name",
+          "given_name",
+          "iat",
+          "identities",
+          "iss",
+          "name",
+          "nickname",
+          "phone_number",
+          "picture",
+          "sub",
+        ],
+        request_uri_parameter_supported: false,
+        request_parameter_supported: false,
+        token_endpoint_auth_signing_alg_values_supported: [
+          "RS256",
+          "RS384",
+          "PS256",
+        ],
+      });
+
+      return ctx.json(result, {
+        headers: {
+          "access-control-allow-origin": "*",
+          "access-control-allow-method": "GET",
+          "cache-control": `public, max-age=${env.JWKS_CACHE_TIMEOUT_IN_SECONDS}, stale-while-revalidate=${
+            env.JWKS_CACHE_TIMEOUT_IN_SECONDS * 2
+          }, stale-if-error=86400`,
+        },
+      });
+    },
+  );

package/src/types/Bindings.ts

@@ -1,4 +1,7 @@
 export type Bindings = {
   ISSUER: string;
   ENVIRONMENT: string;
+
+  // Constants
+  JWKS_CACHE_TIMEOUT_IN_SECONDS: number;
 };

package/src/types/JWKS.ts

@@ -0,0 +1,37 @@
+import { z } from "@hono/zod-openapi";
+
+export const jwksSchema = z.object({
+  alg: z.string(),
+  e: z.string(),
+  kid: z.string(),
+  kty: z.string(),
+  n: z.string(),
+  use: z.string().optional(),
+});
+
+export const jwksKeySchema = z.object({
+  keys: z.array(jwksSchema),
+});
+
+export const openIDConfigurationSchema = z.object({
+  issuer: z.string(),
+  authorization_endpoint: z.string(),
+  token_endpoint: z.string(),
+  device_authorization_endpoint: z.string(),
+  userinfo_endpoint: z.string(),
+  mfa_challenge_endpoint: z.string(),
+  jwks_uri: z.string(),
+  registration_endpoint: z.string(),
+  revocation_endpoint: z.string(),
+  scopes_supported: z.array(z.string()),
+  response_types_supported: z.array(z.string()),
+  code_challenge_methods_supported: z.array(z.string()),
+  response_modes_supported: z.array(z.string()),
+  subject_types_supported: z.array(z.string()),
+  id_token_signing_alg_values_supported: z.array(z.string()),
+  token_endpoint_auth_methods_supported: z.array(z.string()),
+  claims_supported: z.array(z.string()),
+  request_uri_parameter_supported: z.boolean(),
+  request_parameter_supported: z.boolean(),
+  token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
+});

package/src/types/Variables.ts

@@ -0,0 +1 @@
+export type Variables = {};

package/src/types/index.ts

@@ -0,0 +1,3 @@
+export * from "./Bindings";
+export * from "./JWKS";
+export * from "./Variables";

package/vite.config.ts

@@ -1,11 +1,41 @@
+import path from "path";
 import { defineConfig } from "vite";
-import { resolve } from "path";
-import dts from "vite-plugin-dts";
 
-// https://vitejs.dev/config/
-export default defineConfig({
+const getPackageName = () => {
+  return "authhero";
+};
+
+const getPackageNameCamelCase = () => {
+  try {
+    return getPackageName().replace(/-./g, (char) => char[1].toUpperCase());
+  } catch (err) {
+    throw new Error("Name property in package.json is missing.");
+  }
+};
+
+const fileName = {
+  es: `${getPackageName()}.mjs`,
+  cjs: `${getPackageName()}.cjs`,
+  iife: `${getPackageName()}.iife.js`,
+};
+
+const formats = Object.keys(fileName) as Array<keyof typeof fileName>;
+
+module.exports = defineConfig({
+  base: "./",
   build: {
-    lib: { entry: resolve(__dirname, "src/index.ts"), formats: ["es"] },
+    outDir: "./build/dist",
+    lib: {
+      entry: path.resolve(__dirname, "src/index.ts"),
+      name: getPackageNameCamelCase(),
+      formats,
+      fileName: (format) => fileName[format],
+    },
+  },
+  resolve: {
+    alias: [
+      { find: "@", replacement: path.resolve(__dirname, "src") },
+      { find: "@@", replacement: path.resolve(__dirname) },
+    ],
   },
-  plugins: [dts()],
 });