authhero 0.101.0 → 0.102.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/authhero.cjs +1 -1
  2. package/dist/authhero.d.ts +51 -51
  3. package/dist/authhero.mjs +4 -3
  4. package/package.json +3 -3
package/dist/authhero.cjs CHANGED
@@ -26,7 +26,7 @@
26
26
  }};
27
27
  <\/script>
28
28
  </body>
29
- </html>`;return new Response(i,{headers:{"Content-Type":"text/html"}})}async function ey(t,e,n,r,i){var m,v,f;if(!n.redirect_uri)throw new z(400,{message:"Missing redirect_uri in authParams"});const[s]=await t.env.data.keys.list();if(!s)throw new z(500,{message:"No signing key found"});if(!((m=e.addons)!=null&&m.samlp))throw new z(400,{message:`SAML Addon is not enabled for client ${e.id}`});const{recipient:a,audience:c}=e.addons.samlp,l=n.state||"";if(!a||!l||!r||!n.state)throw new z(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(n.state),p=new URL(n.redirect_uri),h=await ty(t,{issuer:t.env.ISSUER,audience:c||n.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:((f=(v=r.app_metadata)==null?void 0:v.vimeo)==null?void 0:f.user_id)||r.user_id,email:r.email,sessionIndex:i,signature:{privateKeyPem:s.pkcs7,cert:s.cert,kid:s.kid}});return Q0(p.toString(),h,u.relayState)}async function ty(t,e){const n=e.notBefore||new Date().toISOString(),r=e.notAfter||new Date(new Date(n).getTime()+10*60*1e3).toISOString(),i=e.issueInstant||n,s=e.sessionNotOnOrAfter||r,a=e.responseId||`_${xe()}`,c=e.assertionId||`_${xe()}`,l=[{"samlp:Response":[{"saml:Issuer":[{"#text":e.issuer}]},{"samlp:Status":[{"samlp:StatusCode":[],":@":{"@_Value":"urn:oasis:names:tc:SAML:2.0:status:Success"}}]},{"saml:Assertion":[{"saml:Issuer":[{"#text":e.issuer}]},{"saml:Subject":[{"saml:NameID":[{"#text":e.email}],":@":{"@_Format":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}},{"saml:SubjectConfirmation":[{"saml:SubjectConfirmationData":[],":@":{"@_InResponseTo":e.inResponseTo,"@_NotOnOrAfter":r,"@_Recipient":e.destination}}],":@":{"@_Method":"urn:oasis:names:tc:SAML:2.0:cm:bearer"}}]},{"saml:Conditions":[{"saml:AudienceRestriction":[{"saml:Audience":[{"#text":e.audience}]}]}],":@":{"@_NotBefore":n,"@_NotOnOrAfter":r}},{"saml:AuthnStatement":[{"saml:AuthnContext":[{"saml:AuthnContextClassRef":[{"#text":"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}]}]}],":@":{"@_AuthnInstant":i,"@_SessionIndex":e.sessionIndex,"@_SessionNotOnOrAfter":s}},{"saml:AttributeStatement":[{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.userId}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_FriendlyName":"persistent","@_Name":"id","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.email}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"email","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"default-roles-master"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"offline_access"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"view-profile"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"uma_authorization"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account-links"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}]}],":@":{"@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion","@_ID":c,"@_IssueInstant":i,"@_Version":"2.0"}}],":@":{"@_xmlns:samlp":"urn:oasis:names:tc:SAML:2.0:protocol","@_xmlns:saml":"urn:oasis:names:tc:SAML:2.0:assertion","@_Destination":e.destination,"@_ID":a,"@_InResponseTo":e.inResponseTo,"@_IssueInstant":i,"@_Version":"2.0"}}];let p=new X0.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0}).build(l);if(e.signature){const m=await fetch(t.env.SAML_SIGN_URL,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({xmlContent:p,privateKey:e.signature.privateKeyPem,publicCert:e.signature.cert})});if(!m.ok)throw new Error(`Failed to sign SAML response: ${m.status}`);p=await m.text()}return e.encode===!1?p:btoa(p)}var ny={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},ry=()=>{var n,r;const t=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[i,s]of Object.entries(ny))if(iy(s))return i}return typeof(t==null?void 0:t.EdgeRuntime)=="string"?"edge-light":(t==null?void 0:t.fastly)!==void 0?"fastly":((r=(n=t==null?void 0:t.process)==null?void 0:n.release)==null?void 0:r.name)==="node"?"node":"other"},iy=t=>navigator.userAgent.startsWith(t);function nt(t,e){ry()==="workerd"&&t.executionCtx.waitUntil(e)}function on(t){var e,n,r;return{auth0Client:(e=t.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(n=t.header("x-real-ip"))==null?void 0:n.slice(0,45),useragent:(r=t.header("user-agent"))==null?void 0:r.slice(0,512)}}const Ju=["sub","iss","aud","exp","nbf","iat","jti"];async function to(t,e){var _,w;const{authParams:n,user:r,client:i,session_id:s}=e,c=(await t.env.data.keys.list()).filter(S=>!S.revoked_at||new Date(S.revoked_at)>new Date),l=c[c.length-1];if(!(l!=null&&l.pkcs7))throw new z(500,{message:"No signing key available"});const u=S_(l.pkcs7),p={aud:n.audience||"default",scope:n.scope||"",sub:(r==null?void 0:r.user_id)||n.client_id,iss:t.env.ISSUER,tenant_id:t.var.tenant_id,sid:s},h=r&&((_=n.scope)!=null&&_.split(" ").includes("openid"))?{aud:n.client_id,sub:r.user_id,iss:t.env.ISSUER,sid:s,nonce:n.nonce,given_name:r.given_name,family_name:r.family_name,nickname:r.nickname,picture:r.picture,locale:r.locale,name:r.name,email:r.email,email_verified:r.email_verified}:void 0;(w=t.env.hooks)!=null&&w.onExecuteCredentialsExchange&&await t.env.hooks.onExecuteCredentialsExchange({client:i,user:r,request:{ip:t.req.header("x-real-ip")||"",user_agent:t.req.header("user-agent")||"",method:t.req.method,url:t.req.url},scope:n.scope||"",grant_type:""},{accessToken:{setCustomClaim:(S,C)=>{if(Ju.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);p[S]=C}},idToken:{setCustomClaim:(S,C)=>{if(Ju.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);h&&(h[S]=C)}},access:{deny:S=>{throw new z(400,{message:`Access denied: ${S}`})}}});const m={includeIssuedTimestamp:!0,expiresIn:new sl(1,"d"),headers:{kid:l.kid}},v=await Du("RS256",u,p,m),f=h?await Du("RS256",u,h,m):void 0;return{access_token:v,refresh_token:e.refresh_token,id_token:f,token_type:"Bearer",expires_in:86400}}async function Df(t,e){return e.loginSession||(e.loginSession=await t.env.data.loginSessions.create(e.client.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:e.authParams,authorization_url:t.req.url,csrf_token:xe(),...on(t.req)})),{code:(await t.env.data.codes.create(e.client.tenant.id,{code_id:xe(),user_id:e.user.user_id,code_type:"authorization_code",login_id:e.loginSession.id,expires_at:new Date(Date.now()+z_*1e3).toISOString()})).code_id,state:e.authParams.state}}async function sy(t,e){const{client:n,scope:r,audience:i=n.tenant.audience,session_id:s}=e;return await t.env.data.refreshTokens.create(n.tenant.id,{id:xe(),session_id:s,client_id:n.id,expires_at:new Date(Date.now()+Qs*1e3).toISOString(),user_id:e.user.user_id,device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},resource_servers:[{audience:i,scopes:r}],rotating:!1})}async function Hf(t,{user:e,client:n,loginSession:r}){const i=await t.env.data.sessions.create(n.tenant.id,{id:xe(),user_id:e.user_id,idle_expires_at:new Date(Date.now()+Qs*1e3).toISOString(),device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},clients:[n.id]});await t.env.data.loginSessions.update(n.tenant.id,r.id,{session_id:i.id});const{scope:s,audience:a}=r.authParams,c=s!=null&&s.split(" ").includes("offline_access")?await sy(t,{session_id:i.id,user:e,client:n,scope:s,audience:a}):void 0;return{...i,refresh_token:c}}async function an(t,e){var v;const{authParams:n,user:r,client:i,ticketAuth:s}=e,a=ve(t,{type:he.SUCCESS_LOGIN,description:`Successful login for ${r.user_id}`,userId:r.user_id});if(nt(t,t.env.data.logs.create(i.tenant.id,a)),nt(t,t.env.data.users.update(i.tenant.id,r.user_id,{last_login:new Date().toISOString(),last_ip:t.req.header("x-real-ip")||"",login_count:r.login_count+1})),s){if(!e.loginSession)throw new z(500,{message:"Login session not found"});const f=x_(),_=xe(12),w=await t.env.data.codes.create(i.tenant.id,{code_id:xe(),code_type:"ticket",login_id:e.loginSession.id,expires_at:new Date(Date.now()+C_).toISOString(),code_verifier:[_,f].join("|")});return t.json({login_ticket:w.code_id,co_verifier:f,co_id:_})}let c=e.refreshToken,l=e.sessionId,u=r;if(!l){if(!e.loginSession)throw new z(500,{message:"Login session not found"});u=await ly(t,t.env.data)(i.tenant.id,r);const f=await Hf(t,{user:r,client:i,loginSession:e.loginSession});l=f.id,c=(v=f.refresh_token)==null?void 0:v.id}if(e.authParams.response_mode===Xt.SAML_POST)return ey(t,e.client,e.authParams,u,l);const p=await to(t,{authParams:n,user:u,client:i,session_id:l,refresh_token:c}),h=new Headers({"set-cookie":Tf(i.tenant.id,l,t.req.header("host"))});if(n.response_mode===Xt.WEB_MESSAGE)return t.json(p,{headers:h});if((n.response_type||Pt.CODE)===Pt.CODE){const f=await Df(t,e);if(!n.redirect_uri)throw new z(400,{message:"Redirect uri not found"});const _=new URL(n.redirect_uri);_.searchParams.set("code",f.code),f.state&&_.searchParams.set("state",f.state),h.set("location",_.toString())}return new Response("Redirecting",{status:302,headers:h})}async function oy(t,e,n){const r=await t.env.data.tenants.get(e);if(!r)throw new Error(`Tenant not found: ${e}`);return to(t,{client:{id:t.env.ISSUER,tenant:r,created_at:new Date().toISOString(),updated_at:new Date().toISOString(),name:t.env.ISSUER,disable_sign_ups:!1,connections:[]},authParams:{client_id:t.env.ISSUER,response_type:Pt.TOKEN,scope:n}})}async function dl(t,e,n){const r=await oy(t,n.tenant_id,"webhook");for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{Authorization:`Bearer ${r.access_token}`,"Content-Type":"application/json"},body:JSON.stringify(n)})).ok){const a=ve(t,{type:he.FAILED_HOOK,description:`Failed to invoke hook ${i.hook_id}`});await t.env.data.logs.create(n.tenant_id,a)}}function ay(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e);return await dl(t,r,{tenant_id:e,user:n,trigger_id:"post-user-registration"}),n}}function cy(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await dl(t,r,{tenant_id:e,email:n,trigger_id:"pre-user-signup"})}}function ly(t,e){return async(n,r)=>{const{hooks:i}=await e.hooks.list(n,{q:"trigger_id:post-user-login",page:0,per_page:100,include_totals:!1});return await dl(t,i,{tenant_id:n,user:r,trigger_id:"post-user-login"}),r}}function uy(t,e){return async(n,r)=>{var a,c,l;const i={method:t.req.method,ip:t.req.query("x-real-ip")||"",user_agent:t.req.query("user-agent"),url:((a=t.var.loginSession)==null?void 0:a.authorization_url)||t.req.url};if((c=t.env.hooks)!=null&&c.onExecutePreUserRegistration)try{await t.env.hooks.onExecutePreUserRegistration({user:r,request:i},{user:{setUserMetadata:async(u,p)=>{r[u]=p}}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Pre user registration hook failed"});await e.logs.create(n,p)}let s=await m_(e)(n,r);if((l=t.env.hooks)!=null&&l.onExecutePostUserRegistration)try{await t.env.hooks.onExecutePostUserRegistration({user:r,request:i},{user:{}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Post user registration hook failed"});await t.env.data.logs.create(n,p)}return await ay(t)(n,s),s}}async function dy(t,e,n,r){if(e.disable_sign_ups&&!await ro({userAdapter:n.users,tenant_id:e.tenant.id,email:r})){const s=ve(t,{type:he.FAILED_SIGNUP,description:"Public signup is disabled"});throw await n.logs.create(e.tenant.id,s),new z(400,{message:"Signups are disabled for this client"})}await cy(t)(t.var.tenant_id||"",r)}function no(t,e){return{...e,users:{...e.users,create:uy(t,e)}}}function Ff(t){return no(t,t.env.data)}async function pl(t,e,n){return(await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`})).users}async function ur({userAdapter:t,tenant_id:e,email:n,provider:r}){const{users:i}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n} provider:${r}`});return i.length>1&&console.error("More than one user found for same email and provider"),i[0]||null}async function ro({userAdapter:t,tenant_id:e,email:n}){var c;const{users:r}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`}),i=r.filter(l=>!(l.provider==="auth2"&&!l.email_verified));if(i.length===0)return;const s=i.filter(l=>!l.linked_to);if(s.length>0)return s.length>1&&console.error("More than one primary user found for same email"),s[0];const a=await t.get(e,(c=i[0])==null?void 0:c.linked_to);if(!a)throw new Error("Primary account not found");return a}async function ls({userAdapter:t,tenant_id:e,email:n,provider:r}){const i=await ur({userAdapter:t,tenant_id:e,email:n,provider:r});return i?i.linked_to?t.get(e,i.linked_to):i:null}async function io(t,e){const{email:n,provider:r,connection:i,client:s,userId:a,isSocial:c,profileData:l={},ip:u=""}=e;let p=await ls({userAdapter:t.env.data.users,tenant_id:e.client.tenant.id,email:n,provider:r});if(!p){const h={user_id:`${r}|${a||Xs()}`,email:n,name:n,provider:r,connection:i,email_verified:!0,last_ip:u,is_social:c,last_login:new Date().toISOString(),profileData:JSON.stringify(l)};p=await Ff(t).users.create(s.tenant.id,h),t.set("user_id",p.user_id)}return p}const Qt=o.z.object({page:o.z.string().min(0).optional().default("0").transform(t=>parseInt(t,10)).openapi({description:"The page number where 0 is the first page"}),per_page:o.z.string().min(1).optional().default("10").transform(t=>parseInt(t,10)).openapi({description:"The number of items per page"}),include_totals:o.z.string().optional().default("false").transform(t=>t==="true").openapi({description:"If the total number of items should be included in the response"}),sort:o.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:o.z.string().optional().openapi({description:"A lucene query string used to filter the results"})});function dr(t){if(!t)return;const[e,n]=t.split(":"),r=n==="1"?"asc":"desc";if(!(!e||!r))return{sort_by:e,sort_order:r}}const Zu=rn.extend({users:o.z.array(xt)}),py=rn.extend({sessions:o.z.array(Ys)}),fy=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:Qt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(xt),Zu])}},description:"List of users"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header");if(s!=null&&s.includes("identities.profileData.email")){const p=s.split("=")[1],m=(await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,q:`email:${p}`})).users.filter(_=>_.linked_to),[v]=m;if(!v)return t.json([]);const f=await t.env.data.users.get(a,v.linked_to);if(!f)throw new z(500,{message:"Primary account not found"});return t.json([xt.parse(f)])}const c=["-_exists_:linked_to"];s&&c.push(s);const l=await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,sort:dr(i),q:c.join(" ")}),u=l.users.filter(p=>!p.linked_to);return r?t.json(Zu.parse({users:u,length:l.length,start:l.start,limit:l.limit})):t.json(o.z.array(xt).parse(u))}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"List of users"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header"),r=await t.env.data.users.get(n,e);if(!r)throw new z(404);if(r.linked_to)throw new z(404,{message:"User is linked to another user"});return t.json(r)}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header");if(!await t.env.data.users.remove(n,e))throw new z(404);return t.text("OK")}).openapi(o.createRoute({tags:["users"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape})}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");t.set("body",n);const{email:r}=n;if(!r)throw new z(400,{message:"Email is required"});const i=r.toLowerCase(),s=`${n.provider}|${n.user_id||Xs()}`;try{const a=await t.env.data.users.create(e,{email:i,user_id:s,name:n.name||i,provider:n.provider,connection:n.connection,email_verified:n.email_verified||!1,last_ip:"",is_social:!1,last_login:new Date().toISOString()});t.set("user_id",a.user_id);const c=ve(t,{type:he.SUCCESS_API_OPERATION,description:"User created"});nt(t,t.env.data.logs.create(e,c));const l={...a,identities:[{connection:a.connection,provider:a.provider,user_id:qu(a.user_id),isSocial:a.is_social}]};return t.json(xt.parse(l),{status:201})}catch(a){throw a.message==="User already exists"?new z(409,{message:"User already exists"}):a}}).openapi(o.createRoute({tags:["users"],method:"patch",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape,verify_email:o.z.boolean(),password:o.z.string()}).partial()}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{var p;const{data:e}=t.env,{"tenant-id":n}=t.req.valid("header"),r=t.req.valid("json"),{user_id:i}=t.req.valid("param"),{verify_email:s,password:a,...c}=r,l=await e.users.get(n,i);if(!l)throw new z(404);if(c.email&&c.email!==l.email){const h=await pl(t.env.data.users,n,c.email);if(h.length&&h.some(m=>m.user_id!==i))throw new z(409,{message:"Another user with the same email address already exists."})}if(l.linked_to)throw new z(404,{message:"User is linked to another user"});if(await t.env.data.users.update(n,i,c),a){const h=(p=l.identities)==null?void 0:p.find(f=>f.connection==="Username-Password-Authentication");if(!h)throw new z(400,{message:"User does not have a password identity"});const m={user_id:h.user_id,password:await si.hash(a,10),algorithm:"bcrypt"};await e.passwords.get(n,h.user_id)?await e.passwords.update(n,m):await e.passwords.create(n,m)}const u=await t.env.data.users.get(n,i);if(!u)throw new z(500);return t.json(u)}).openapi(o.createRoute({tags:["users"],method:"post",path:"/{user_id}/identities",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.union([o.z.object({link_with:o.z.string()}),o.z.object({user_id:o.z.string(),provider:o.z.string(),connection:o.z.string().optional()})])}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(o.z.object({connection:o.z.string(),provider:o.z.string(),user_id:o.z.string(),isSocial:o.z.boolean()}))}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),{user_id:r}=t.req.valid("param"),i="link_with"in n?n.link_with:n.user_id,s=await t.env.data.users.get(e,r);if(!s)throw new z(400,{message:"Linking an inexistent identity is not allowed."});await t.env.data.users.update(e,i,{linked_to:r});const a=await t.env.data.users.list(e,{page:0,per_page:10,include_totals:!1,q:`linked_to:${r}`}),c=[s,...a.users].map(l=>({connection:l.connection,provider:l.provider,user_id:qu(l.user_id),isSocial:l.is_social}));return t.json(c,{status:201})}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}/identities/{provider}/{linked_user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string(),provider:o.z.string(),linked_user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(xt)}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{user_id:n,provider:r,linked_user_id:i}=t.req.valid("param");await t.env.data.users.unlink(e,n,r,i);const s=await t.env.data.users.get(e,n);if(!s)throw new z(404);return t.json([xt.parse(s)])}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}/sessions",request:{query:Qt,headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Ys),py])}},description:"List of sessions"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{include_totals:n}=t.req.valid("query"),{"tenant-id":r}=t.req.valid("header"),i=await t.env.data.sessions.list(r,{page:0,per_page:10,include_totals:!1,q:`user_id:${e}`});return n?t.json(i):t.json(i.sessions)});/*! *****************************************************************************
29
+ </html>`;return new Response(i,{headers:{"Content-Type":"text/html"}})}async function ey(t,e,n,r,i){var m,v,f;if(!n.redirect_uri)throw new z(400,{message:"Missing redirect_uri in authParams"});const[s]=await t.env.data.keys.list();if(!s)throw new z(500,{message:"No signing key found"});if(!((m=e.addons)!=null&&m.samlp))throw new z(400,{message:`SAML Addon is not enabled for client ${e.id}`});const{recipient:a,audience:c}=e.addons.samlp,l=n.state||"";if(!a||!l||!r||!n.state)throw new z(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(n.state),p=new URL(n.redirect_uri),h=await ty(t,{issuer:t.env.ISSUER,audience:c||n.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:((f=(v=r.app_metadata)==null?void 0:v.vimeo)==null?void 0:f.user_id)||r.user_id,email:r.email,sessionIndex:i,signature:{privateKeyPem:s.pkcs7,cert:s.cert,kid:s.kid}});return Q0(p.toString(),h,u.relayState)}async function ty(t,e){const n=e.notBefore||new Date().toISOString(),r=e.notAfter||new Date(new Date(n).getTime()+10*60*1e3).toISOString(),i=e.issueInstant||n,s=e.sessionNotOnOrAfter||r,a=e.responseId||`_${xe()}`,c=e.assertionId||`_${xe()}`,l=[{"samlp:Response":[{"saml:Issuer":[{"#text":e.issuer}]},{"samlp:Status":[{"samlp:StatusCode":[],":@":{"@_Value":"urn:oasis:names:tc:SAML:2.0:status:Success"}}]},{"saml:Assertion":[{"saml:Issuer":[{"#text":e.issuer}]},{"saml:Subject":[{"saml:NameID":[{"#text":e.email}],":@":{"@_Format":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}},{"saml:SubjectConfirmation":[{"saml:SubjectConfirmationData":[],":@":{"@_InResponseTo":e.inResponseTo,"@_NotOnOrAfter":r,"@_Recipient":e.destination}}],":@":{"@_Method":"urn:oasis:names:tc:SAML:2.0:cm:bearer"}}]},{"saml:Conditions":[{"saml:AudienceRestriction":[{"saml:Audience":[{"#text":e.audience}]}]}],":@":{"@_NotBefore":n,"@_NotOnOrAfter":r}},{"saml:AuthnStatement":[{"saml:AuthnContext":[{"saml:AuthnContextClassRef":[{"#text":"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}]}]}],":@":{"@_AuthnInstant":i,"@_SessionIndex":e.sessionIndex,"@_SessionNotOnOrAfter":s}},{"saml:AttributeStatement":[{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.userId}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_FriendlyName":"persistent","@_Name":"id","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.email}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"email","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"default-roles-master"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"offline_access"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"view-profile"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"uma_authorization"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account-links"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}]}],":@":{"@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion","@_ID":c,"@_IssueInstant":i,"@_Version":"2.0"}}],":@":{"@_xmlns:samlp":"urn:oasis:names:tc:SAML:2.0:protocol","@_xmlns:saml":"urn:oasis:names:tc:SAML:2.0:assertion","@_Destination":e.destination,"@_ID":a,"@_InResponseTo":e.inResponseTo,"@_IssueInstant":i,"@_Version":"2.0"}}];let p=new X0.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0}).build(l);if(e.signature){const m=await fetch(t.env.SAML_SIGN_URL,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({xmlContent:p,privateKey:e.signature.privateKeyPem,publicCert:e.signature.cert})});if(!m.ok)throw new Error(`Failed to sign SAML response: ${m.status}`);p=await m.text()}return e.encode===!1?p:btoa(p)}var ny={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},ry=()=>{var n,r;const t=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[i,s]of Object.entries(ny))if(iy(s))return i}return typeof(t==null?void 0:t.EdgeRuntime)=="string"?"edge-light":(t==null?void 0:t.fastly)!==void 0?"fastly":((r=(n=t==null?void 0:t.process)==null?void 0:n.release)==null?void 0:r.name)==="node"?"node":"other"},iy=t=>navigator.userAgent.startsWith(t);function nt(t,e){ry()==="workerd"&&t.executionCtx.waitUntil(e)}function on(t){var e,n,r;return{auth0Client:(e=t.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(n=t.header("x-real-ip"))==null?void 0:n.slice(0,45),useragent:(r=t.header("user-agent"))==null?void 0:r.slice(0,512)}}const Ju=["sub","iss","aud","exp","nbf","iat","jti"];async function to(t,e){var _,w;const{authParams:n,user:r,client:i,session_id:s}=e,c=(await t.env.data.keys.list()).filter(S=>!S.revoked_at||new Date(S.revoked_at)>new Date),l=c[c.length-1];if(!(l!=null&&l.pkcs7))throw new z(500,{message:"No signing key available"});const u=S_(l.pkcs7),p={aud:n.audience||"default",scope:n.scope||"",sub:(r==null?void 0:r.user_id)||n.client_id,iss:t.env.ISSUER,tenant_id:t.var.tenant_id,sid:s},h=r&&((_=n.scope)!=null&&_.split(" ").includes("openid"))?{aud:n.client_id,sub:r.user_id,iss:t.env.ISSUER,sid:s,nonce:n.nonce,given_name:r.given_name,family_name:r.family_name,nickname:r.nickname,picture:r.picture,locale:r.locale,name:r.name,email:r.email,email_verified:r.email_verified}:void 0;(w=t.env.hooks)!=null&&w.onExecuteCredentialsExchange&&await t.env.hooks.onExecuteCredentialsExchange({client:i,user:r,request:{ip:t.req.header("x-real-ip")||"",user_agent:t.req.header("user-agent")||"",method:t.req.method,url:t.req.url},scope:n.scope||"",grant_type:""},{accessToken:{setCustomClaim:(S,C)=>{if(Ju.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);p[S]=C}},idToken:{setCustomClaim:(S,C)=>{if(Ju.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);h&&(h[S]=C)}},access:{deny:S=>{throw new z(400,{message:`Access denied: ${S}`})}}});const m={includeIssuedTimestamp:!0,expiresIn:new sl(1,"d"),headers:{kid:l.kid}},v=await Du("RS256",u,p,m),f=h?await Du("RS256",u,h,m):void 0;return{access_token:v,refresh_token:e.refresh_token,id_token:f,token_type:"Bearer",expires_in:86400}}async function Df(t,e){return e.loginSession||(e.loginSession=await t.env.data.loginSessions.create(e.client.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:e.authParams,authorization_url:t.req.url,csrf_token:xe(),...on(t.req)})),{code:(await t.env.data.codes.create(e.client.tenant.id,{code_id:xe(),user_id:e.user.user_id,code_type:"authorization_code",login_id:e.loginSession.id,expires_at:new Date(Date.now()+z_*1e3).toISOString()})).code_id,state:e.authParams.state}}async function sy(t,e){const{client:n,scope:r,audience:i=n.tenant.audience,session_id:s}=e;return await t.env.data.refreshTokens.create(n.tenant.id,{id:xe(),session_id:s,client_id:n.id,expires_at:new Date(Date.now()+Qs*1e3).toISOString(),user_id:e.user.user_id,device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},resource_servers:[{audience:i,scopes:r}],rotating:!1})}async function Hf(t,{user:e,client:n,loginSession:r}){const i=await t.env.data.sessions.create(n.tenant.id,{id:xe(),user_id:e.user_id,idle_expires_at:new Date(Date.now()+Qs*1e3).toISOString(),device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},clients:[n.id]});await t.env.data.loginSessions.update(n.tenant.id,r.id,{session_id:i.id});const{scope:s,audience:a}=r.authParams,c=s!=null&&s.split(" ").includes("offline_access")?await sy(t,{session_id:i.id,user:e,client:n,scope:s,audience:a}):void 0;return{...i,refresh_token:c}}async function an(t,e){var v;const{authParams:n,user:r,client:i,ticketAuth:s}=e,a=ve(t,{type:he.SUCCESS_LOGIN,description:`Successful login for ${r.user_id}`,userId:r.user_id});if(nt(t,t.env.data.logs.create(i.tenant.id,a)),nt(t,t.env.data.users.update(i.tenant.id,r.user_id,{last_login:new Date().toISOString(),last_ip:t.req.header("x-real-ip")||"",login_count:r.login_count+1})),s){if(!e.loginSession)throw new z(500,{message:"Login session not found"});const f=x_(),_=xe(12),w=await t.env.data.codes.create(i.tenant.id,{code_id:xe(),code_type:"ticket",login_id:e.loginSession.id,expires_at:new Date(Date.now()+C_).toISOString(),code_verifier:[_,f].join("|")});return t.json({login_ticket:w.code_id,co_verifier:f,co_id:_})}let c=e.refreshToken,l=e.sessionId,u=r;if(!l){if(!e.loginSession)throw new z(500,{message:"Login session not found"});u=await ly(t,t.env.data)(i.tenant.id,r);const f=await Hf(t,{user:r,client:i,loginSession:e.loginSession});l=f.id,c=(v=f.refresh_token)==null?void 0:v.id}if(e.authParams.response_mode===Xt.SAML_POST)return ey(t,e.client,e.authParams,u,l);const p=await to(t,{authParams:n,user:u,client:i,session_id:l,refresh_token:c}),h=new Headers({"set-cookie":Tf(i.tenant.id,l,t.req.header("host"))});if(n.response_mode===Xt.WEB_MESSAGE)return t.json(p,{headers:h});if((n.response_type||Pt.CODE)===Pt.CODE){const f=await Df(t,e);if(!n.redirect_uri)throw new z(400,{message:"Redirect uri not found"});const _=new URL(n.redirect_uri);_.searchParams.set("code",f.code),f.state&&_.searchParams.set("state",f.state),h.set("location",_.toString())}return new Response("Redirecting",{status:302,headers:h})}async function oy(t,e,n){const r=await t.env.data.tenants.get(e);if(!r)throw new Error(`Tenant not found: ${e}`);return to(t,{client:{id:t.env.ISSUER,tenant:r,created_at:new Date().toISOString(),updated_at:new Date().toISOString(),name:t.env.ISSUER,disable_sign_ups:!1,connections:[]},authParams:{client_id:t.env.ISSUER,response_type:Pt.TOKEN,scope:n}})}async function dl(t,e,n){const r=await oy(t,n.tenant_id,"webhook");for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{Authorization:`Bearer ${r.access_token}`,"Content-Type":"application/json"},body:JSON.stringify(n)})).ok){const a=ve(t,{type:he.FAILED_HOOK,description:`Failed to invoke hook ${i.hook_id}`});await t.env.data.logs.create(n.tenant_id,a)}}function ay(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e);return await dl(t,r,{tenant_id:e,user:n,trigger_id:"post-user-registration"}),n}}function cy(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await dl(t,r,{tenant_id:e,email:n,trigger_id:"pre-user-signup"})}}function ly(t,e){return async(n,r)=>{const{hooks:i}=await e.hooks.list(n,{q:"trigger_id:post-user-login",page:0,per_page:100,include_totals:!1});return await dl(t,i,{tenant_id:n,user:r,trigger_id:"post-user-login"}),r}}function uy(t,e){return async(n,r)=>{var a,c,l;const i={method:t.req.method,ip:t.req.query("x-real-ip")||"",user_agent:t.req.query("user-agent"),url:((a=t.var.loginSession)==null?void 0:a.authorization_url)||t.req.url};if((c=t.env.hooks)!=null&&c.onExecutePreUserRegistration)try{await t.env.hooks.onExecutePreUserRegistration({user:r,request:i},{user:{setUserMetadata:async(u,p)=>{r[u]=p}}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Pre user registration hook failed"});await e.logs.create(n,p)}let s=await m_(e)(n,r);if((l=t.env.hooks)!=null&&l.onExecutePostUserRegistration)try{await t.env.hooks.onExecutePostUserRegistration({user:r,request:i},{user:{}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Post user registration hook failed"});await t.env.data.logs.create(n,p)}return await ay(t)(n,s),s}}async function dy(t,e,n,r){var i,s;if(e.disable_sign_ups&&!(((s=(i=t.var.loginSession)==null?void 0:i.authParams)==null?void 0:s.prompt)==="signup")&&!await ro({userAdapter:n.users,tenant_id:e.tenant.id,email:r})){const l=ve(t,{type:he.FAILED_SIGNUP,description:"Public signup is disabled"});throw await n.logs.create(e.tenant.id,l),new z(400,{message:"Signups are disabled for this client"})}await cy(t)(t.var.tenant_id||"",r)}function no(t,e){return{...e,users:{...e.users,create:uy(t,e)}}}function Ff(t){return no(t,t.env.data)}async function pl(t,e,n){return(await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`})).users}async function ur({userAdapter:t,tenant_id:e,email:n,provider:r}){const{users:i}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n} provider:${r}`});return i.length>1&&console.error("More than one user found for same email and provider"),i[0]||null}async function ro({userAdapter:t,tenant_id:e,email:n}){var c;const{users:r}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`}),i=r.filter(l=>!(l.provider==="auth2"&&!l.email_verified));if(i.length===0)return;const s=i.filter(l=>!l.linked_to);if(s.length>0)return s.length>1&&console.error("More than one primary user found for same email"),s[0];const a=await t.get(e,(c=i[0])==null?void 0:c.linked_to);if(!a)throw new Error("Primary account not found");return a}async function ls({userAdapter:t,tenant_id:e,email:n,provider:r}){const i=await ur({userAdapter:t,tenant_id:e,email:n,provider:r});return i?i.linked_to?t.get(e,i.linked_to):i:null}async function io(t,e){const{email:n,provider:r,connection:i,client:s,userId:a,isSocial:c,profileData:l={},ip:u=""}=e;let p=await ls({userAdapter:t.env.data.users,tenant_id:e.client.tenant.id,email:n,provider:r});if(!p){const h={user_id:`${r}|${a||Xs()}`,email:n,name:n,provider:r,connection:i,email_verified:!0,last_ip:u,is_social:c,last_login:new Date().toISOString(),profileData:JSON.stringify(l)};p=await Ff(t).users.create(s.tenant.id,h),t.set("user_id",p.user_id)}return p}const Qt=o.z.object({page:o.z.string().min(0).optional().default("0").transform(t=>parseInt(t,10)).openapi({description:"The page number where 0 is the first page"}),per_page:o.z.string().min(1).optional().default("10").transform(t=>parseInt(t,10)).openapi({description:"The number of items per page"}),include_totals:o.z.string().optional().default("false").transform(t=>t==="true").openapi({description:"If the total number of items should be included in the response"}),sort:o.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:o.z.string().optional().openapi({description:"A lucene query string used to filter the results"})});function dr(t){if(!t)return;const[e,n]=t.split(":"),r=n==="1"?"asc":"desc";if(!(!e||!r))return{sort_by:e,sort_order:r}}const Zu=rn.extend({users:o.z.array(xt)}),py=rn.extend({sessions:o.z.array(Ys)}),fy=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:Qt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(xt),Zu])}},description:"List of users"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header");if(s!=null&&s.includes("identities.profileData.email")){const p=s.split("=")[1],m=(await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,q:`email:${p}`})).users.filter(_=>_.linked_to),[v]=m;if(!v)return t.json([]);const f=await t.env.data.users.get(a,v.linked_to);if(!f)throw new z(500,{message:"Primary account not found"});return t.json([xt.parse(f)])}const c=["-_exists_:linked_to"];s&&c.push(s);const l=await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,sort:dr(i),q:c.join(" ")}),u=l.users.filter(p=>!p.linked_to);return r?t.json(Zu.parse({users:u,length:l.length,start:l.start,limit:l.limit})):t.json(o.z.array(xt).parse(u))}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"List of users"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header"),r=await t.env.data.users.get(n,e);if(!r)throw new z(404);if(r.linked_to)throw new z(404,{message:"User is linked to another user"});return t.json(r)}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header");if(!await t.env.data.users.remove(n,e))throw new z(404);return t.text("OK")}).openapi(o.createRoute({tags:["users"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape})}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");t.set("body",n);const{email:r}=n;if(!r)throw new z(400,{message:"Email is required"});const i=r.toLowerCase(),s=`${n.provider}|${n.user_id||Xs()}`;try{const a=await t.env.data.users.create(e,{email:i,user_id:s,name:n.name||i,provider:n.provider,connection:n.connection,email_verified:n.email_verified||!1,last_ip:"",is_social:!1,last_login:new Date().toISOString()});t.set("user_id",a.user_id);const c=ve(t,{type:he.SUCCESS_API_OPERATION,description:"User created"});nt(t,t.env.data.logs.create(e,c));const l={...a,identities:[{connection:a.connection,provider:a.provider,user_id:qu(a.user_id),isSocial:a.is_social}]};return t.json(xt.parse(l),{status:201})}catch(a){throw a.message==="User already exists"?new z(409,{message:"User already exists"}):a}}).openapi(o.createRoute({tags:["users"],method:"patch",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape,verify_email:o.z.boolean(),password:o.z.string()}).partial()}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{var p;const{data:e}=t.env,{"tenant-id":n}=t.req.valid("header"),r=t.req.valid("json"),{user_id:i}=t.req.valid("param"),{verify_email:s,password:a,...c}=r,l=await e.users.get(n,i);if(!l)throw new z(404);if(c.email&&c.email!==l.email){const h=await pl(t.env.data.users,n,c.email);if(h.length&&h.some(m=>m.user_id!==i))throw new z(409,{message:"Another user with the same email address already exists."})}if(l.linked_to)throw new z(404,{message:"User is linked to another user"});if(await t.env.data.users.update(n,i,c),a){const h=(p=l.identities)==null?void 0:p.find(f=>f.connection==="Username-Password-Authentication");if(!h)throw new z(400,{message:"User does not have a password identity"});const m={user_id:h.user_id,password:await si.hash(a,10),algorithm:"bcrypt"};await e.passwords.get(n,h.user_id)?await e.passwords.update(n,m):await e.passwords.create(n,m)}const u=await t.env.data.users.get(n,i);if(!u)throw new z(500);return t.json(u)}).openapi(o.createRoute({tags:["users"],method:"post",path:"/{user_id}/identities",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.union([o.z.object({link_with:o.z.string()}),o.z.object({user_id:o.z.string(),provider:o.z.string(),connection:o.z.string().optional()})])}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(o.z.object({connection:o.z.string(),provider:o.z.string(),user_id:o.z.string(),isSocial:o.z.boolean()}))}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),{user_id:r}=t.req.valid("param"),i="link_with"in n?n.link_with:n.user_id,s=await t.env.data.users.get(e,r);if(!s)throw new z(400,{message:"Linking an inexistent identity is not allowed."});await t.env.data.users.update(e,i,{linked_to:r});const a=await t.env.data.users.list(e,{page:0,per_page:10,include_totals:!1,q:`linked_to:${r}`}),c=[s,...a.users].map(l=>({connection:l.connection,provider:l.provider,user_id:qu(l.user_id),isSocial:l.is_social}));return t.json(c,{status:201})}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}/identities/{provider}/{linked_user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string(),provider:o.z.string(),linked_user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(xt)}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{user_id:n,provider:r,linked_user_id:i}=t.req.valid("param");await t.env.data.users.unlink(e,n,r,i);const s=await t.env.data.users.get(e,n);if(!s)throw new z(404);return t.json([xt.parse(s)])}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}/sessions",request:{query:Qt,headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Ys),py])}},description:"List of sessions"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{include_totals:n}=t.req.valid("query"),{"tenant-id":r}=t.req.valid("header"),i=await t.env.data.sessions.list(r,{page:0,per_page:10,include_totals:!1,q:`user_id:${e}`});return n?t.json(i):t.json(i.sessions)});/*! *****************************************************************************
30
30
  Copyright (C) Microsoft. All rights reserved.
31
31
  Licensed under the Apache License, Version 2.0 (the "License"); you may not use
32
32
  this file except in compliance with the License. You may obtain a copy of the
package/dist/authhero.d.ts CHANGED
@@ -5017,7 +5017,7 @@ export declare function init(config: AuthHeroConfig): {
5017
5017
  idle_expires_at?: string | undefined;
5018
5018
  last_exchanged_at?: string | undefined;
5019
5019
  };
5020
- outputFormat: "json" | "text";
5020
+ outputFormat: "json";
5021
5021
  status: 200;
5022
5022
  };
5023
5023
  };
@@ -5071,7 +5071,7 @@ export declare function init(config: AuthHeroConfig): {
5071
5071
  revoked_at?: string | undefined;
5072
5072
  idle_expires_at?: string | undefined;
5073
5073
  };
5074
- outputFormat: "json" | "text";
5074
+ outputFormat: "json";
5075
5075
  status: 200;
5076
5076
  };
5077
5077
  };
@@ -5123,7 +5123,7 @@ export declare function init(config: AuthHeroConfig): {
5123
5123
  password_first: boolean;
5124
5124
  webauthn_platform_first_factor: boolean;
5125
5125
  };
5126
- outputFormat: "json" | "text";
5126
+ outputFormat: "json";
5127
5127
  status: 200;
5128
5128
  };
5129
5129
  };
@@ -5217,7 +5217,7 @@ export declare function init(config: AuthHeroConfig): {
5217
5217
  enabled_clients?: string[] | undefined;
5218
5218
  }[];
5219
5219
  };
5220
- outputFormat: "json" | "text";
5220
+ outputFormat: "json";
5221
5221
  status: 200;
5222
5222
  };
5223
5223
  };
@@ -5258,7 +5258,7 @@ export declare function init(config: AuthHeroConfig): {
5258
5258
  response_mode?: AuthorizationResponseMode | undefined;
5259
5259
  enabled_clients?: string[] | undefined;
5260
5260
  };
5261
- outputFormat: "json" | "text";
5261
+ outputFormat: "json";
5262
5262
  status: 200;
5263
5263
  };
5264
5264
  };
@@ -5340,7 +5340,7 @@ export declare function init(config: AuthHeroConfig): {
5340
5340
  response_mode?: AuthorizationResponseMode | undefined;
5341
5341
  enabled_clients?: string[] | undefined;
5342
5342
  };
5343
- outputFormat: "json" | "text";
5343
+ outputFormat: "json";
5344
5344
  status: 200;
5345
5345
  };
5346
5346
  };
@@ -5401,7 +5401,7 @@ export declare function init(config: AuthHeroConfig): {
5401
5401
  response_mode?: AuthorizationResponseMode | undefined;
5402
5402
  enabled_clients?: string[] | undefined;
5403
5403
  };
5404
- outputFormat: "json" | "text";
5404
+ outputFormat: "json";
5405
5405
  status: 201;
5406
5406
  };
5407
5407
  };
@@ -5445,7 +5445,7 @@ export declare function init(config: AuthHeroConfig): {
5445
5445
  priority?: number | undefined;
5446
5446
  }[];
5447
5447
  };
5448
- outputFormat: "json" | "text";
5448
+ outputFormat: "json";
5449
5449
  status: 200;
5450
5450
  };
5451
5451
  };
@@ -5476,7 +5476,7 @@ export declare function init(config: AuthHeroConfig): {
5476
5476
  synchronous: boolean;
5477
5477
  priority?: number | undefined;
5478
5478
  };
5479
- outputFormat: "json" | "text";
5479
+ outputFormat: "json";
5480
5480
  status: 201;
5481
5481
  };
5482
5482
  };
@@ -5493,8 +5493,8 @@ export declare function init(config: AuthHeroConfig): {
5493
5493
  };
5494
5494
  } & {
5495
5495
  json: {
5496
- enabled?: boolean | undefined;
5497
5496
  url?: string | undefined;
5497
+ enabled?: boolean | undefined;
5498
5498
  trigger_id?: "post-user-login" | "post-user-registration" | "pre-user-signup" | undefined;
5499
5499
  synchronous?: boolean | undefined;
5500
5500
  priority?: number | undefined;
@@ -5514,15 +5514,15 @@ export declare function init(config: AuthHeroConfig): {
5514
5514
  };
5515
5515
  } & {
5516
5516
  json: {
5517
- enabled?: boolean | undefined;
5518
5517
  url?: string | undefined;
5518
+ enabled?: boolean | undefined;
5519
5519
  trigger_id?: "post-user-login" | "post-user-registration" | "pre-user-signup" | undefined;
5520
5520
  synchronous?: boolean | undefined;
5521
5521
  priority?: number | undefined;
5522
5522
  };
5523
5523
  };
5524
5524
  output: never;
5525
- outputFormat: "json" | "text";
5525
+ outputFormat: "json";
5526
5526
  status: 200;
5527
5527
  };
5528
5528
  };
@@ -5561,7 +5561,7 @@ export declare function init(config: AuthHeroConfig): {
5561
5561
  synchronous: boolean;
5562
5562
  priority?: number | undefined;
5563
5563
  };
5564
- outputFormat: "json" | "text";
5564
+ outputFormat: "json";
5565
5565
  status: 200;
5566
5566
  };
5567
5567
  };
@@ -5660,7 +5660,7 @@ export declare function init(config: AuthHeroConfig): {
5660
5660
  } | undefined;
5661
5661
  }[];
5662
5662
  };
5663
- outputFormat: "json" | "text";
5663
+ outputFormat: "json";
5664
5664
  status: 200;
5665
5665
  };
5666
5666
  };
@@ -5705,7 +5705,7 @@ export declare function init(config: AuthHeroConfig): {
5705
5705
  } | undefined;
5706
5706
  } | undefined;
5707
5707
  };
5708
- outputFormat: "json" | "text";
5708
+ outputFormat: "json";
5709
5709
  status: 200;
5710
5710
  };
5711
5711
  };
@@ -5721,9 +5721,9 @@ export declare function init(config: AuthHeroConfig): {
5721
5721
  q?: string | undefined;
5722
5722
  };
5723
5723
  };
5724
- output: {};
5725
- outputFormat: string;
5726
- status: 200;
5724
+ output: Response;
5725
+ outputFormat: "json";
5726
+ status: import("hono/utils/http-status").StatusCode;
5727
5727
  };
5728
5728
  };
5729
5729
  } & {
@@ -5734,9 +5734,9 @@ export declare function init(config: AuthHeroConfig): {
5734
5734
  id: string;
5735
5735
  };
5736
5736
  };
5737
- output: {};
5738
- outputFormat: string;
5739
- status: 200;
5737
+ output: Response;
5738
+ outputFormat: "json";
5739
+ status: import("hono/utils/http-status").StatusCode;
5740
5740
  };
5741
5741
  };
5742
5742
  } & {
@@ -5795,9 +5795,9 @@ export declare function init(config: AuthHeroConfig): {
5795
5795
  language?: string | undefined;
5796
5796
  };
5797
5797
  };
5798
- output: {};
5799
- outputFormat: string;
5800
- status: 200;
5798
+ output: Response;
5799
+ outputFormat: "json";
5800
+ status: import("hono/utils/http-status").StatusCode;
5801
5801
  };
5802
5802
  };
5803
5803
  }, "/tenants"> & import("hono/types").MergeSchemaPath<{
@@ -5892,7 +5892,7 @@ export declare function init(config: AuthHeroConfig): {
5892
5892
  client_secret?: string | undefined;
5893
5893
  }[];
5894
5894
  };
5895
- outputFormat: "json" | "text";
5895
+ outputFormat: "json";
5896
5896
  status: 200;
5897
5897
  };
5898
5898
  };
@@ -5944,7 +5944,7 @@ export declare function init(config: AuthHeroConfig): {
5944
5944
  email_validation?: "enabled" | "disabled" | "enforced" | undefined;
5945
5945
  client_secret?: string | undefined;
5946
5946
  };
5947
- outputFormat: "json" | "text";
5947
+ outputFormat: "json";
5948
5948
  status: 200;
5949
5949
  };
5950
5950
  };
@@ -6046,7 +6046,7 @@ export declare function init(config: AuthHeroConfig): {
6046
6046
  email_validation?: "enabled" | "disabled" | "enforced" | undefined;
6047
6047
  client_secret?: string | undefined;
6048
6048
  };
6049
- outputFormat: "json" | "text";
6049
+ outputFormat: "json";
6050
6050
  status: 200;
6051
6051
  };
6052
6052
  };
@@ -6127,7 +6127,7 @@ export declare function init(config: AuthHeroConfig): {
6127
6127
  } | undefined;
6128
6128
  email_validation?: "enabled" | "disabled" | "enforced" | undefined;
6129
6129
  };
6130
- outputFormat: "json" | "text";
6130
+ outputFormat: "json";
6131
6131
  status: 201;
6132
6132
  };
6133
6133
  };
@@ -6143,9 +6143,9 @@ export declare function init(config: AuthHeroConfig): {
6143
6143
  "tenant-id": string;
6144
6144
  };
6145
6145
  };
6146
- output: {};
6147
- outputFormat: string;
6148
- status: 200;
6146
+ output: Response;
6147
+ outputFormat: "json";
6148
+ status: import("hono/utils/http-status").StatusCode;
6149
6149
  };
6150
6150
  };
6151
6151
  }, "/users-by-email"> & import("hono/types").MergeSchemaPath<{
@@ -6170,7 +6170,7 @@ export declare function init(config: AuthHeroConfig): {
6170
6170
  current_until?: string | undefined;
6171
6171
  revoked?: boolean | undefined;
6172
6172
  }[];
6173
- outputFormat: "json" | "text";
6173
+ outputFormat: "json";
6174
6174
  status: 200;
6175
6175
  };
6176
6176
  };
@@ -6200,7 +6200,7 @@ export declare function init(config: AuthHeroConfig): {
6200
6200
  current_until?: string | undefined;
6201
6201
  revoked?: boolean | undefined;
6202
6202
  };
6203
- outputFormat: "json" | "text";
6203
+ outputFormat: "json";
6204
6204
  status: 200;
6205
6205
  };
6206
6206
  };
@@ -6344,7 +6344,7 @@ export declare function init(config: AuthHeroConfig): {
6344
6344
  }[] | undefined;
6345
6345
  }[];
6346
6346
  };
6347
- outputFormat: "json" | "text";
6347
+ outputFormat: "json";
6348
6348
  status: 200;
6349
6349
  };
6350
6350
  };
@@ -6405,7 +6405,7 @@ export declare function init(config: AuthHeroConfig): {
6405
6405
  } | undefined;
6406
6406
  }[] | undefined;
6407
6407
  };
6408
- outputFormat: "json" | "text";
6408
+ outputFormat: "json";
6409
6409
  status: 200;
6410
6410
  };
6411
6411
  };
@@ -6502,7 +6502,7 @@ export declare function init(config: AuthHeroConfig): {
6502
6502
  } | undefined;
6503
6503
  }[] | undefined;
6504
6504
  };
6505
- outputFormat: "json" | "text";
6505
+ outputFormat: "json";
6506
6506
  status: 200;
6507
6507
  };
6508
6508
  };
@@ -6573,7 +6573,7 @@ export declare function init(config: AuthHeroConfig): {
6573
6573
  provider: string;
6574
6574
  isSocial: boolean;
6575
6575
  }[];
6576
- outputFormat: "json" | "text";
6576
+ outputFormat: "json";
6577
6577
  status: 200;
6578
6578
  };
6579
6579
  };
@@ -6636,7 +6636,7 @@ export declare function init(config: AuthHeroConfig): {
6636
6636
  } | undefined;
6637
6637
  }[] | undefined;
6638
6638
  }[];
6639
- outputFormat: "json" | "text";
6639
+ outputFormat: "json";
6640
6640
  status: 200;
6641
6641
  };
6642
6642
  };
@@ -6706,7 +6706,7 @@ export declare function init(config: AuthHeroConfig): {
6706
6706
  idle_expires_at?: string | undefined;
6707
6707
  }[];
6708
6708
  };
6709
- outputFormat: "json" | "text";
6709
+ outputFormat: "json";
6710
6710
  status: 200;
6711
6711
  };
6712
6712
  };
@@ -6743,7 +6743,7 @@ export declare function init(config: AuthHeroConfig): {
6743
6743
  default_from_address?: string | undefined;
6744
6744
  settings?: {} | undefined;
6745
6745
  };
6746
- outputFormat: "json" | "text";
6746
+ outputFormat: "json";
6747
6747
  status: 200;
6748
6748
  };
6749
6749
  };
@@ -6862,7 +6862,7 @@ export declare function init(config: AuthHeroConfig): {
6862
6862
  }[];
6863
6863
  } | undefined;
6864
6864
  }[];
6865
- outputFormat: "json" | "text";
6865
+ outputFormat: "json";
6866
6866
  status: 200;
6867
6867
  };
6868
6868
  };
@@ -6899,7 +6899,7 @@ export declare function init(config: AuthHeroConfig): {
6899
6899
  }[];
6900
6900
  } | undefined;
6901
6901
  };
6902
- outputFormat: "json" | "text";
6902
+ outputFormat: "json";
6903
6903
  status: 200;
6904
6904
  };
6905
6905
  };
@@ -6973,7 +6973,7 @@ export declare function init(config: AuthHeroConfig): {
6973
6973
  }[];
6974
6974
  } | undefined;
6975
6975
  };
6976
- outputFormat: "json" | "text";
6976
+ outputFormat: "json";
6977
6977
  status: 200;
6978
6978
  };
6979
6979
  };
@@ -7016,7 +7016,7 @@ export declare function init(config: AuthHeroConfig): {
7016
7016
  }[];
7017
7017
  } | undefined;
7018
7018
  };
7019
- outputFormat: "json" | "text";
7019
+ outputFormat: "json";
7020
7020
  status: 201;
7021
7021
  };
7022
7022
  };
@@ -7053,7 +7053,7 @@ export declare function init(config: AuthHeroConfig): {
7053
7053
  }[];
7054
7054
  } | undefined;
7055
7055
  };
7056
- outputFormat: "json" | "text";
7056
+ outputFormat: "json";
7057
7057
  status: 200;
7058
7058
  };
7059
7059
  };
@@ -7081,7 +7081,7 @@ export declare function init(config: AuthHeroConfig): {
7081
7081
  url: string;
7082
7082
  } | undefined;
7083
7083
  };
7084
- outputFormat: "json" | "text";
7084
+ outputFormat: "json";
7085
7085
  status: 200;
7086
7086
  };
7087
7087
  };
@@ -7317,7 +7317,7 @@ export declare function init(config: AuthHeroConfig): {
7317
7317
  email_verified: boolean;
7318
7318
  _id: string;
7319
7319
  };
7320
- outputFormat: "json" | "text";
7320
+ outputFormat: "json";
7321
7321
  status: 200;
7322
7322
  };
7323
7323
  };
@@ -7374,7 +7374,7 @@ export declare function init(config: AuthHeroConfig): {
7374
7374
  scope?: string | undefined;
7375
7375
  id_token?: string | undefined;
7376
7376
  };
7377
- outputFormat: "json" | "text";
7377
+ outputFormat: "json";
7378
7378
  status: 200;
7379
7379
  };
7380
7380
  };
@@ -7394,7 +7394,7 @@ export declare function init(config: AuthHeroConfig): {
7394
7394
  use?: "sig" | "enc" | undefined;
7395
7395
  }[];
7396
7396
  };
7397
- outputFormat: "json" | "text";
7397
+ outputFormat: "json";
7398
7398
  status: 200;
7399
7399
  };
7400
7400
  };
@@ -7424,7 +7424,7 @@ export declare function init(config: AuthHeroConfig): {
7424
7424
  request_parameter_supported: boolean;
7425
7425
  token_endpoint_auth_signing_alg_values_supported: string[];
7426
7426
  };
7427
- outputFormat: "json" | "text";
7427
+ outputFormat: "json";
7428
7428
  status: 200;
7429
7429
  };
7430
7430
  };
@@ -7439,7 +7439,7 @@ export declare function init(config: AuthHeroConfig): {
7439
7439
  given_name?: string | undefined;
7440
7440
  family_name?: string | undefined;
7441
7441
  };
7442
- outputFormat: "json" | "text";
7442
+ outputFormat: "json";
7443
7443
  status: 200;
7444
7444
  };
7445
7445
  };
package/dist/authhero.mjs CHANGED
@@ -5903,16 +5903,17 @@ function iy(t, e) {
5903
5903
  };
5904
5904
  }
5905
5905
  async function sy(t, e, n, r) {
5906
- if (e.disable_sign_ups && !await Gs({
5906
+ var i, s;
5907
+ if (e.disable_sign_ups && !(((s = (i = t.var.loginSession) == null ? void 0 : i.authParams) == null ? void 0 : s.prompt) === "signup") && !await Gs({
5907
5908
  userAdapter: n.users,
5908
5909
  tenant_id: e.tenant.id,
5909
5910
  email: r
5910
5911
  })) {
5911
- const s = be(t, {
5912
+ const l = be(t, {
5912
5913
  type: _e.FAILED_SIGNUP,
5913
5914
  description: "Public signup is disabled"
5914
5915
  });
5915
- throw await n.logs.create(e.tenant.id, s), new N(400, {
5916
+ throw await n.logs.create(e.tenant.id, l), new N(400, {
5916
5917
  message: "Signups are disabled for this client"
5917
5918
  });
5918
5919
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authhero",
3
- "version": "0.101.0",
3
+ "version": "0.102.0",
4
4
  "files": [
5
5
  "dist"
6
6
  ],
@@ -15,7 +15,7 @@
15
15
  }
16
16
  },
17
17
  "devDependencies": {
18
- "@hono/zod-openapi": "^0.18.0",
18
+ "@hono/zod-openapi": "^0.19.2",
19
19
  "@types/node": "^22.9.1",
20
20
  "better-sqlite3": "^11.5.0",
21
21
  "dts-bundle-generator": "^9.5.1",
@@ -40,7 +40,7 @@
40
40
  "@authhero/adapter-interfaces": "^0.55.0"
41
41
  },
42
42
  "peerDependencies": {
43
- "@hono/zod-openapi": "^0.18.0",
43
+ "@hono/zod-openapi": "^0.19.2",
44
44
  "hono": "^4.6.11"
45
45
  },
46
46
  "scripts": {