authhero 0.162.0 → 0.163.0
- package/dist/authhero.cjs +1 -1
- package/dist/authhero.mjs +2 -1
- package/package.json +1 -1
package/dist/authhero.cjs
CHANGED
|
@@ -194,7 +194,7 @@ In order to be iterable, non-array objects must have a [Symbol.iterator]() metho
|
|
|
194
194
|
<\/script>
|
|
195
195
|
</body>
|
|
196
196
|
|
|
197
|
-
</html>`}async function i8({ctx:t,client:e,session:n,redirect_uri:r,state:i,nonce:o,code_challenge_method:c,code_challenge:l,audience:u,scope:d,response_type:f}){const{env:h}=t,m=new URL(r),A=`${m.protocol}//${m.host}`;async function _(H="Login required"){const W=qe(t,{type:Fe.FAILED_SILENT_AUTH,description:H});return await t.env.data.logs.create(e.tenant.id,W),t.html(fg(A,JSON.stringify({error:"login_required",error_description:H,state:i})))}if(!n||(n==null?void 0:n.expires_at)&&new Date(n.expires_at)<new Date||(n==null?void 0:n.idle_expires_at)&&new Date(n.idle_expires_at)<new Date)return _();t.set("user_id",n.user_id);const E=await h.data.users.get(e.tenant.id,n.user_id);if(!E)return console.error("User not found",n.user_id),_("User not found");t.set("username",E.email),t.set("connection",E.connection);const S={client:e,authParams:{client_id:e.id,audience:u,code_challenge_method:c,code_challenge:l,scope:d,state:i,nonce:o,response_type:f,redirect_uri:r},user:E,session_id:n.id},x=f===qt.CODE?await Xm(t,{user:E,client:e,authParams:S.authParams,login_id:n.login_session_id}):await hc(t,S);await h.data.sessions.update(e.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),device:{...n.device,last_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||""},idle_expires_at:n.idle_expires_at?new Date(Date.now()+pc*1e3).toISOString():void 0});const z=qe(t,{type:Fe.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});await t.env.data.logs.create(e.tenant.id,z);const q=new Headers;q.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const F=su(e.tenant.id,n.id,t.req.header("host"));return q.set("set-cookie",F),t.html(fg(A,JSON.stringify(x)),{headers:q})}const o8=["email","sms","Username-Password-Authentication"],s8=new 
s.OpenAPIHono().openapi(s.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:s.z.object({client_id:s.z.string(),vendor_id:s.z.string().optional(),redirect_uri:s.z.string(),scope:s.z.string().optional(),state:s.z.string(),prompt:s.z.string().optional(),response_mode:s.z.nativeEnum(En).optional(),response_type:s.z.nativeEnum(qt).optional(),audience:s.z.string().optional(),connection:s.z.string().optional(),nonce:s.z.string().optional(),max_age:s.z.string().optional(),login_ticket:s.z.string().optional(),code_challenge_method:s.z.nativeEnum(ac).optional(),code_challenge:s.z.string().optional(),realm:s.z.string().optional(),auth0Client:s.z.string().optional(),organization:s.z.string().optional(),login_hint:s.z.string().optional(),screen_hint:s.z.string().openapi({example:"signup",description:'Optional hint for the screen to show, like "signup" or "login".'}).optional(),ui_locales:s.z.string().optional()})},responses:{200:{description:"Successful authorization response. This can be an HTML page (e.g., for silent authentication iframe or universal login page) or a JSON object containing tokens (e.g., for response_mode=web_message).",content:{"text/html":{schema:s.z.string().openapi({example:"<html>...</html>"})},"application/json":{schema:Xd}}},302:{description:"Redirect to the client's redirect URI, an authentication page, or an external identity provider.",headers:s.z.object({Location:s.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},403:{description:"Forbidden. 
The request is not allowed (e.g., invalid origin).",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>{const{env:e}=t,{client_id:n,vendor_id:r,redirect_uri:i,scope:o,state:c,audience:l,nonce:u,connection:d,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:A,prompt:_,login_ticket:b,realm:E,auth0Client:S,login_hint:x,ui_locales:z,organization:q}=t.req.valid("query");t.set("log","authorize");const F=await fs(e,n);t.set("client_id",F.id),t.set("tenant_id",F.tenant.id);const H={redirect_uri:i,scope:o,state:c,client_id:n,vendor_id:r,audience:l,nonce:u,prompt:_,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:A,username:x,ui_locales:z,organization:q},W=t.req.header("origin");if(W&&!e8(W,F.web_origins||[]))throw new B(403,{message:`Origin ${W} not allowed`});if(H.redirect_uri&&!Z1(H.redirect_uri,F.callbacks||[],{allowPathWildcards:!0}))throw new B(400,{message:`Invalid redirect URI - ${H.redirect_uri}`});const J=pa(F.tenant.id,t.req.header("cookie")),ue=J?await e.data.sessions.get(F.tenant.id,J):void 0,Ne=ue&&!ue.revoked_at?ue:void 0;if(_=="none"){if(!f)throw new B(400,{message:"Missing response_type"});return i8({ctx:t,session:Ne||void 0,redirect_uri:i,state:c,response_type:f,client:F,nonce:u,code_challenge_method:A,code_challenge:m,audience:l,scope:o})}if(F.connections.length===1&&F.connections[0]&&!o8.includes(F.connections[0].strategy||""))return Bh(t,F,F.connections[0].name,H);if(d&&d!=="email")return Bh(t,F,d,H);if(b){const L=await r8(t,F.tenant.id,b,H,E);return L instanceof Response?L:t.json(L)}const P=await t8({ctx:t,client:F,auth0Client:S,authParams:H,session:Ne||void 0,connection:d,login_hint:x});return P instanceof Response?P:t.json(P)});function a8(t){const e=new s.OpenAPIHono;e.use(async(r,i)=>{const o=Wo(r,t.dataAdapter),c=cl(o,{defaultTtl:3e5,cacheEntities:["tenants","connections","clients"]});return 
r.env.data=sl(r,c),i()}),e.use("/oauth/token",Yg({origin:r=>r||"",allowHeaders:["Tenant-Id","Content-Type","Auth0-Client","Upgrade-Insecure-Requests"],allowMethods:["POST"],maxAge:600})),e.use(al).use(Xp(e));const n=e.route("/v2/logout",Nx).route("/userinfo",Cx).route("/.well-known",Ix).route("/oauth/token",G5).route("/dbconnections",J5).route("/passwordless",Y5).route("/co/authenticate",Q5).route("/authorize",s8).route("/callback",kx);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),Wp(n),n}var c8={Stringify:1,BeforeStream:2,Stream:3},on=(t,e)=>{const n=new String(t);return n.isEscaped=!0,n.callbacks=e,n},l8=/[&<>'"]/,p_=async(t,e)=>{let n="";e||(e=[]);const r=await Promise.all(t);for(let i=r.length-1;n+=r[i],i--,!(i<0);i--){let o=r[i];typeof o=="object"&&e.push(...o.callbacks||[]);const c=o.isEscaped;if(o=await(typeof o=="object"?o.toString():o),typeof o=="object"&&e.push(...o.callbacks||[]),o.isEscaped??c)n+=o;else{const l=[n];hr(o,l),n=l[0]}}return on(n,e)},hr=(t,e)=>{const n=t.search(l8);if(n===-1){e[0]+=t;return}let r,i,o=0;for(i=n;i<t.length;i++){switch(t.charCodeAt(i)){case 34:r=""";break;case 39:r="'";break;case 38:r="&";break;case 60:r="<";break;case 62:r=">";break;default:continue}e[0]+=t.substring(o,i)+r,o=i+1}e[0]+=t.substring(o,i)},f_=t=>{const e=t.callbacks;if(!(e!=null&&e.length))return t;const n=[t],r={};return e.forEach(i=>i({phase:c8.Stringify,buffer:n,context:r})),n[0]},h_=(t,...e)=>{const n=[""];for(let r=0,i=t.length-1;r<i;r++){n[0]+=t[r];const o=Array.isArray(e[r])?e[r].flat(1/0):[e[r]];for(let c=0,l=o.length;c<l;c++){const u=o[c];if(typeof u=="string")hr(u,n);else if(typeof u=="number")n[0]+=u;else{if(typeof u=="boolean"||u===null||u===void 0)continue;if(typeof u=="object"&&u.isEscaped)if(u.callbacks)n.unshift("",u);else{const d=u.toString();d instanceof Promise?n.unshift("",d):n[0]+=d}else u instanceof Promise?n.unshift("",u):hr(u.toString(),n)}}}return 
n[0]+=t.at(-1),n.length===1?"callbacks"in n?on(f_(on(n[0],n.callbacks))):on(n[0]):p_(n,n.callbacks)},uf=Symbol("RENDERER"),Dd=Symbol("ERROR_HANDLER"),Qe=Symbol("STASH"),g_=Symbol("INTERNAL"),u8=Symbol("MEMO"),Ya=Symbol("PERMALINK"),hg=t=>(t[g_]=!0,t),m_=t=>({value:e,children:n})=>{if(!n)return;const r={children:[{tag:hg(()=>{t.push(e)}),props:{}}]};Array.isArray(n)?r.children.push(...n.flat()):r.children.push(n),r.children.push({tag:hg(()=>{t.pop()}),props:{}});const i={tag:"",props:r,type:""};return i[Dd]=o=>{throw t.pop(),o},i},__=t=>{const e=[t],n=m_(e);return n.values=e,n.Provider=n,Li.push(n),n},Li=[],d8=t=>{const e=[t],n=r=>{e.push(r.value);let i;try{i=r.children?(Array.isArray(r.children)?new b_("",{},r.children):r.children).toString():""}finally{e.pop()}return i instanceof Promise?i.then(o=>on(o,o.callbacks)):on(i)};return n.values=e,n.Provider=n,n[uf]=m_(e),Li.push(n),n},no=t=>t.values.at(-1),Js={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},Rd={},Ys="data-precedence",gs=t=>Array.isArray(t)?t:[t],gg=new WeakMap,mg=(t,e,n,r)=>({buffer:i,context:o})=>{if(!i)return;const c=gg.get(o)||{};gg.set(o,c);const l=c[t]||(c[t]=[]);let u=!1;const d=Js[t];if(d.length>0){e:for(const[,f]of l)for(const h of d)if(((f==null?void 0:f[h])??null)===(n==null?void 0:n[h])){u=!0;break e}}if(u?i[0]=i[0].replaceAll(e,""):d.length>0?l.push([e,n,r]):l.unshift([e,n,r]),i[0].indexOf("</head>")!==-1){let f;if(r===void 0)f=l.map(([h])=>h);else{const h=[];f=l.map(([m,,A])=>{let _=h.indexOf(A);return _===-1&&(h.push(A),_=h.length-1),[m,_]}).sort((m,A)=>m[1]-A[1]).map(([m])=>m)}f.forEach(h=>{i[0]=i[0].replaceAll(h,"")}),i[0]=i[0].replace(/(?=<\/head>)/,f.join(""))}},ms=(t,e,n)=>on(new sn(t,n,gs(e??[])).toString()),_s=(t,e,n,r)=>{if("itemProp"in n)return ms(t,e,n);let{precedence:i,blocking:o,...c}=n;i=r?i??"":void 0,r&&(c[Ys]=i);const l=new sn(t,c,gs(e||[])).toString();return l instanceof 
Promise?l.then(u=>on(l,[...u.callbacks||[],mg(t,u,c,i)])):on(l,[mg(t,l,c,i)])},p8=({children:t,...e})=>{const n=df();if(n){const r=no(n);if(r==="svg"||r==="head")return new sn("title",e,gs(t??[]))}return _s("title",t,e,!1)},f8=({children:t,...e})=>{const n=df();return["src","async"].some(r=>!e[r])||n&&no(n)==="head"?ms("script",t,e):_s("script",t,e,!1)},h8=({children:t,...e})=>["href","precedence"].every(n=>n in e)?(e["data-href"]=e.href,delete e.href,_s("style",t,e,!0)):ms("style",t,e),g8=({children:t,...e})=>["onLoad","onError"].some(n=>n in e)||e.rel==="stylesheet"&&(!("precedence"in e)||"disabled"in e)?ms("link",t,e):_s("link",t,e,"precedence"in e),m8=({children:t,...e})=>{const n=df();return n&&no(n)==="head"?ms("meta",t,e):_s("meta",t,e,!1)},y_=(t,{children:e,...n})=>new sn(t,n,gs(e??[])),_8=t=>(typeof t.action=="function"&&(t.action=Ya in t.action?t.action[Ya]:void 0),y_("form",t)),w_=(t,e)=>(typeof e.formAction=="function"&&(e.formAction=Ya in e.formAction?e.formAction[Ya]:void 0),y_(t,e)),y8=t=>w_("input",t),w8=t=>w_("button",t);const Ul=Object.freeze(Object.defineProperty({__proto__:null,button:w8,form:_8,input:y8,link:g8,meta:m8,script:f8,style:h8,title:p8},Symbol.toStringTag,{value:"Module"}));var v8=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Za=t=>v8.get(t)||t,v_=(t,e)=>{for(const[n,r]of Object.entries(t)){const i=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,o=>`-${o.toLowerCase()}`);e(i,r==null?null:typeof r=="number"?i.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${r}`:`${r}px`:r)}},Uo=void 
0,df=()=>Uo,b8=t=>/[A-Z]/.test(t)&&t.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?t.replace(/([A-Z])/g,"-$1").toLowerCase():t,x8=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],$8=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],pf=(t,e)=>{for(let n=0,r=t.length;n<r;n++){const i=t[n];if(typeof i=="string")hr(i,e);else{if(typeof i=="boolean"||i===null||i===void 0)continue;i instanceof sn?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?e[0]+=i:i instanceof Promise?e.unshift("",i):pf(i,e)}}},sn=class{constructor(t,e,n){xe(this,"tag");xe(this,"props");xe(this,"key");xe(this,"children");xe(this,"isEscaped",!0);xe(this,"localContexts");this.tag=t,this.props=e,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){var e,n;const t=[""];(e=this.localContexts)==null||e.forEach(([r,i])=>{r.values.push(i)});try{this.toStringToBuffer(t)}finally{(n=this.localContexts)==null||n.forEach(([r])=>{r.values.pop()})}return t.length===1?"callbacks"in t?f_(on(t[0],t.callbacks)).toString():t[0]:p_(t,t.callbacks)}toStringToBuffer(t){const e=this.tag,n=this.props;let{children:r}=this;t[0]+=`<${e}`;const i=Uo&&no(Uo)==="svg"?o=>b8(Za(o)):o=>Za(o);for(let[o,c]of Object.entries(n))if(o=i(o),o!=="children"){if(o==="style"&&typeof c=="object"){let l="";v_(c,(u,d)=>{d!=null&&(l+=`${l?";":""}${u}:${d}`)}),t[0]+=' style="',hr(l,t),t[0]+='"'}else if(typeof c=="string")t[0]+=` ${o}="`,hr(c,t),t[0]+='"';else if(c!=null)if(typeof c=="number"||c.isEscaped)t[0]+=` ${o}="${c}"`;else if(typeof c=="boolean"&&$8.includes(o))c&&(t[0]+=` ${o}=""`);else 
if(o==="dangerouslySetInnerHTML"){if(r.length>0)throw"Can only set one of `children` or `props.dangerouslySetInnerHTML`.";r=[on(c.__html)]}else if(c instanceof Promise)t[0]+=` ${o}="`,t.unshift('"',c);else if(typeof c=="function"){if(!o.startsWith("on"))throw`Invalid prop '${o}' of type 'function' supplied to '${e}'.`}else t[0]+=` ${o}="`,hr(c.toString(),t),t[0]+='"'}if(x8.includes(e)&&r.length===0){t[0]+="/>";return}t[0]+=">",pf(r,t),t[0]+=`</${e}>`}},Ml=class extends sn{toStringToBuffer(t){const{children:e}=this,n=this.tag.call(null,{...this.props,children:e.length<=1?e[0]:e});if(!(typeof n=="boolean"||n==null))if(n instanceof Promise)if(Li.length===0)t.unshift("",n);else{const r=Li.map(i=>[i,i.values.at(-1)]);t.unshift("",n.then(i=>(i instanceof sn&&(i.localContexts=r),i)))}else n instanceof sn?n.toStringToBuffer(t):typeof n=="number"||n.isEscaped?(t[0]+=n,n.callbacks&&(t.callbacks||(t.callbacks=[]),t.callbacks.push(...n.callbacks))):hr(n,t)}},b_=class extends sn{toStringToBuffer(t){pf(this.children,t)}},A8=(t,e,...n)=>{e??(e={}),n.length&&(e.children=n.length===1?n[0]:n);const r=e.key;delete e.key;const i=Zs(t,e,n);return i.key=r,i},_g=!1,Zs=(t,e,n)=>{if(!_g){for(const r in Rd)Ul[r][uf]=Rd[r];_g=!0}return typeof t=="function"?new Ml(t,e,n):Ul[t]?new Ml(Ul[t],e,n):t==="svg"||t==="head"?(Uo||(Uo=d8("")),new sn(t,e,[new Ml(Uo,{value:t},n)])):new sn(t,e,n)},ff=({children:t})=>new b_("",{children:t},Array.isArray(t)?t:t?[t]:[]),E8=(t,e,...n)=>A8(t.tag,{...t.props,...e},...n);function $(t,e,n){let r;if(!e||!("children"in e))r=Zs(t,e,[]);else{const i=e.children;r=Array.isArray(i)?Zs(t,e,i):Zs(t,e,[i])}return r.key=n,r}class hl extends Error{constructor(n,r=302){super(`Redirect to ${n}`);xe(this,"location");xe(this,"status");this.name=hl.name,this.location=n,this.status=r}}const 
yg={name:"sesamy",logoUrl:"https://assets.sesamy.com/static/images/email/sesamy-logo.png",style:{primaryColor:"#7D68F4",buttonTextColor:"#FFFFFF",primaryHoverColor:"#A091F2"},loginBackgroundImage:"",checkoutHideSocial:!1,supportEmail:"support@sesamy.com",supportUrl:"https://support.sesamy.com",siteUrl:"https://sesamy.com",termsAndConditionsUrl:"https://store.sesamy.com/pages/terms-of-service",manageSubscriptionsUrl:"https://account.sesamy.com/manage-subscriptions"};async function x_(t,e,n){if(!n&&!e)return yg;const r=n||e;try{const i=await fetch(`${t.API_URL}/profile/vendors/${r}/style`);if(!i.ok)throw new Error("Failed to fetch vendor settings");const o=await i.json();return gm.parse(o)}catch(i){return console.error(i),yg}}async function Je(t,e,n=!1){var d;const{env:r}=t,i=await r.data.loginSessions.get(t.var.tenant_id||"",e);if(!i)throw new B(400,{message:"Login session not found"});t.set("loginSession",i);const o=await fs(r,i.authParams.client_id);t.set("client_id",o.id),t.set("tenant_id",o.tenant.id);const c=await r.data.tenants.get(o.tenant.id);if(c){if(i.session_id&&!n){if(!i.authParams.redirect_uri)throw new B(400,{message:"Login session closed and no redirect URI available"});const f=new URL(i.authParams.redirect_uri);throw f.searchParams.set("error","access_denied"),f.searchParams.set("error_description","Login session closed"),i.authParams.state&&f.searchParams.set("state",i.authParams.state),new hl(f.toString(),302)}}else throw new B(400,{message:"Tenant not found"});const l=await x_(r,o.id,i.authParams.vendor_id),u=(d=i.authParams.ui_locales)==null?void 0:d.split(" ").map(f=>f.split("-")[0]).find(f=>{if(Array.isArray(U.options.supportedLngs))return U.options.supportedLngs.includes(f)});return await U.changeLanguage(u||c.language||"sv"),{vendorSettings:{...l,termsAndConditionsUrl:o.id==="fokus-app"?"https://www.fokus.se/kopvillkor-app/":l.termsAndConditionsUrl},client:o,tenant:c,loginSession:i}}async function k8(t,e,n,r){if(r!==void 0)return 
r==="password";const i=await op({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:n});return i!=null&&i.app_metadata.strategy?i.app_metadata.strategy==="Username-Password-Authentication":(await t.env.data.promptSettings.get(e.tenant.id)).password_first}const $_=({vendorSettings:t})=>t!=null&&t.logoUrl?$("div",{className:"flex h-9 items-center",children:$("img",{src:t.logoUrl,className:"max-h-full",alt:"Vendor logo"})}):$(ff,{}),A_=({vendorSettings:t})=>{const{termsAndConditionsUrl:e}=t;return $("div",{className:"mt-8",children:e&&$("div",{className:"text-xs text-gray-300",children:[U.t("agree_to")," ",$("a",{href:e,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:U.t("terms")})]})})};var E_={exports:{}};/*!
|
|
197
|
+
</html>`}async function i8({ctx:t,client:e,session:n,redirect_uri:r,state:i,nonce:o,code_challenge_method:c,code_challenge:l,audience:u,scope:d,response_type:f}){const{env:h}=t,m=new URL(r),A=`${m.protocol}//${m.host}`;async function _(H="Login required"){const W=qe(t,{type:Fe.FAILED_SILENT_AUTH,description:H});return await t.env.data.logs.create(e.tenant.id,W),t.html(fg(A,JSON.stringify({error:"login_required",error_description:H,state:i})))}if(!n||(n==null?void 0:n.expires_at)&&new Date(n.expires_at)<new Date||(n==null?void 0:n.idle_expires_at)&&new Date(n.idle_expires_at)<new Date)return _();t.set("user_id",n.user_id);const E=await h.data.users.get(e.tenant.id,n.user_id);if(!E)return console.error("User not found",n.user_id),_("User not found");t.set("username",E.email),t.set("connection",E.connection);const S={client:e,authParams:{client_id:e.id,audience:u,code_challenge_method:c,code_challenge:l,scope:d,state:i,nonce:o,response_type:f,redirect_uri:r},user:E,session_id:n.id},x=f===qt.CODE?await Xm(t,{user:E,client:e,authParams:S.authParams,login_id:n.login_session_id}):await hc(t,S);await h.data.sessions.update(e.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),device:{...n.device,last_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||""},idle_expires_at:n.idle_expires_at?new Date(Date.now()+pc*1e3).toISOString():void 0});const z=qe(t,{type:Fe.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});await t.env.data.logs.create(e.tenant.id,z);const q=new Headers;q.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const F=su(e.tenant.id,n.id,t.req.header("host"));return q.set("set-cookie",F),t.html(fg(A,JSON.stringify(x)),{headers:q})}const o8=["email","sms","Username-Password-Authentication"],s8=new 
s.OpenAPIHono().openapi(s.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:s.z.object({client_id:s.z.string(),vendor_id:s.z.string().optional(),redirect_uri:s.z.string(),scope:s.z.string().optional(),state:s.z.string(),prompt:s.z.string().optional(),response_mode:s.z.nativeEnum(En).optional(),response_type:s.z.nativeEnum(qt).optional(),audience:s.z.string().optional(),connection:s.z.string().optional(),nonce:s.z.string().optional(),max_age:s.z.string().optional(),login_ticket:s.z.string().optional(),code_challenge_method:s.z.nativeEnum(ac).optional(),code_challenge:s.z.string().optional(),realm:s.z.string().optional(),auth0Client:s.z.string().optional(),organization:s.z.string().optional(),login_hint:s.z.string().optional(),screen_hint:s.z.string().openapi({example:"signup",description:'Optional hint for the screen to show, like "signup" or "login".'}).optional(),ui_locales:s.z.string().optional()})},responses:{200:{description:"Successful authorization response. This can be an HTML page (e.g., for silent authentication iframe or universal login page) or a JSON object containing tokens (e.g., for response_mode=web_message).",content:{"text/html":{schema:s.z.string().openapi({example:"<html>...</html>"})},"application/json":{schema:Xd}}},302:{description:"Redirect to the client's redirect URI, an authentication page, or an external identity provider.",headers:s.z.object({Location:s.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},403:{description:"Forbidden. 
The request is not allowed (e.g., invalid origin).",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>{const{env:e}=t,{client_id:n,vendor_id:r,redirect_uri:i,scope:o,state:c,audience:l,nonce:u,connection:d,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:A,prompt:_,login_ticket:b,realm:E,auth0Client:S,login_hint:x,ui_locales:z,organization:q}=t.req.valid("query");t.set("log","authorize");const F=await fs(e,n);t.set("client_id",F.id),t.set("tenant_id",F.tenant.id);const H={redirect_uri:i.split("#")[0],scope:o,state:c,client_id:n,vendor_id:r,audience:l,nonce:u,prompt:_,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:A,username:x,ui_locales:z,organization:q},W=t.req.header("origin");if(W&&!e8(W,F.web_origins||[]))throw new B(403,{message:`Origin ${W} not allowed`});if(H.redirect_uri&&!Z1(H.redirect_uri,F.callbacks||[],{allowPathWildcards:!0}))throw new B(400,{message:`Invalid redirect URI - ${H.redirect_uri}`});const J=pa(F.tenant.id,t.req.header("cookie")),ue=J?await e.data.sessions.get(F.tenant.id,J):void 0,Ne=ue&&!ue.revoked_at?ue:void 0;if(_=="none"){if(!f)throw new B(400,{message:"Missing response_type"});return i8({ctx:t,session:Ne||void 0,redirect_uri:i,state:c,response_type:f,client:F,nonce:u,code_challenge_method:A,code_challenge:m,audience:l,scope:o})}if(F.connections.length===1&&F.connections[0]&&!o8.includes(F.connections[0].strategy||""))return Bh(t,F,F.connections[0].name,H);if(d&&d!=="email")return Bh(t,F,d,H);if(b){const L=await r8(t,F.tenant.id,b,H,E);return L instanceof Response?L:t.json(L)}const P=await t8({ctx:t,client:F,auth0Client:S,authParams:H,session:Ne||void 0,connection:d,login_hint:x});return P instanceof Response?P:t.json(P)});function a8(t){const e=new s.OpenAPIHono;e.use(async(r,i)=>{const o=Wo(r,t.dataAdapter),c=cl(o,{defaultTtl:3e5,cacheEntities:["tenants","connections","clients"]});return 
r.env.data=sl(r,c),i()}),e.use("/oauth/token",Yg({origin:r=>r||"",allowHeaders:["Tenant-Id","Content-Type","Auth0-Client","Upgrade-Insecure-Requests"],allowMethods:["POST"],maxAge:600})),e.use(al).use(Xp(e));const n=e.route("/v2/logout",Nx).route("/userinfo",Cx).route("/.well-known",Ix).route("/oauth/token",G5).route("/dbconnections",J5).route("/passwordless",Y5).route("/co/authenticate",Q5).route("/authorize",s8).route("/callback",kx);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),Wp(n),n}var c8={Stringify:1,BeforeStream:2,Stream:3},on=(t,e)=>{const n=new String(t);return n.isEscaped=!0,n.callbacks=e,n},l8=/[&<>'"]/,p_=async(t,e)=>{let n="";e||(e=[]);const r=await Promise.all(t);for(let i=r.length-1;n+=r[i],i--,!(i<0);i--){let o=r[i];typeof o=="object"&&e.push(...o.callbacks||[]);const c=o.isEscaped;if(o=await(typeof o=="object"?o.toString():o),typeof o=="object"&&e.push(...o.callbacks||[]),o.isEscaped??c)n+=o;else{const l=[n];hr(o,l),n=l[0]}}return on(n,e)},hr=(t,e)=>{const n=t.search(l8);if(n===-1){e[0]+=t;return}let r,i,o=0;for(i=n;i<t.length;i++){switch(t.charCodeAt(i)){case 34:r=""";break;case 39:r="'";break;case 38:r="&";break;case 60:r="<";break;case 62:r=">";break;default:continue}e[0]+=t.substring(o,i)+r,o=i+1}e[0]+=t.substring(o,i)},f_=t=>{const e=t.callbacks;if(!(e!=null&&e.length))return t;const n=[t],r={};return e.forEach(i=>i({phase:c8.Stringify,buffer:n,context:r})),n[0]},h_=(t,...e)=>{const n=[""];for(let r=0,i=t.length-1;r<i;r++){n[0]+=t[r];const o=Array.isArray(e[r])?e[r].flat(1/0):[e[r]];for(let c=0,l=o.length;c<l;c++){const u=o[c];if(typeof u=="string")hr(u,n);else if(typeof u=="number")n[0]+=u;else{if(typeof u=="boolean"||u===null||u===void 0)continue;if(typeof u=="object"&&u.isEscaped)if(u.callbacks)n.unshift("",u);else{const d=u.toString();d instanceof Promise?n.unshift("",d):n[0]+=d}else u instanceof Promise?n.unshift("",u):hr(u.toString(),n)}}}return 
n[0]+=t.at(-1),n.length===1?"callbacks"in n?on(f_(on(n[0],n.callbacks))):on(n[0]):p_(n,n.callbacks)},uf=Symbol("RENDERER"),Dd=Symbol("ERROR_HANDLER"),Qe=Symbol("STASH"),g_=Symbol("INTERNAL"),u8=Symbol("MEMO"),Ya=Symbol("PERMALINK"),hg=t=>(t[g_]=!0,t),m_=t=>({value:e,children:n})=>{if(!n)return;const r={children:[{tag:hg(()=>{t.push(e)}),props:{}}]};Array.isArray(n)?r.children.push(...n.flat()):r.children.push(n),r.children.push({tag:hg(()=>{t.pop()}),props:{}});const i={tag:"",props:r,type:""};return i[Dd]=o=>{throw t.pop(),o},i},__=t=>{const e=[t],n=m_(e);return n.values=e,n.Provider=n,Li.push(n),n},Li=[],d8=t=>{const e=[t],n=r=>{e.push(r.value);let i;try{i=r.children?(Array.isArray(r.children)?new b_("",{},r.children):r.children).toString():""}finally{e.pop()}return i instanceof Promise?i.then(o=>on(o,o.callbacks)):on(i)};return n.values=e,n.Provider=n,n[uf]=m_(e),Li.push(n),n},no=t=>t.values.at(-1),Js={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},Rd={},Ys="data-precedence",gs=t=>Array.isArray(t)?t:[t],gg=new WeakMap,mg=(t,e,n,r)=>({buffer:i,context:o})=>{if(!i)return;const c=gg.get(o)||{};gg.set(o,c);const l=c[t]||(c[t]=[]);let u=!1;const d=Js[t];if(d.length>0){e:for(const[,f]of l)for(const h of d)if(((f==null?void 0:f[h])??null)===(n==null?void 0:n[h])){u=!0;break e}}if(u?i[0]=i[0].replaceAll(e,""):d.length>0?l.push([e,n,r]):l.unshift([e,n,r]),i[0].indexOf("</head>")!==-1){let f;if(r===void 0)f=l.map(([h])=>h);else{const h=[];f=l.map(([m,,A])=>{let _=h.indexOf(A);return _===-1&&(h.push(A),_=h.length-1),[m,_]}).sort((m,A)=>m[1]-A[1]).map(([m])=>m)}f.forEach(h=>{i[0]=i[0].replaceAll(h,"")}),i[0]=i[0].replace(/(?=<\/head>)/,f.join(""))}},ms=(t,e,n)=>on(new sn(t,n,gs(e??[])).toString()),_s=(t,e,n,r)=>{if("itemProp"in n)return ms(t,e,n);let{precedence:i,blocking:o,...c}=n;i=r?i??"":void 0,r&&(c[Ys]=i);const l=new sn(t,c,gs(e||[])).toString();return l instanceof 
Promise?l.then(u=>on(l,[...u.callbacks||[],mg(t,u,c,i)])):on(l,[mg(t,l,c,i)])},p8=({children:t,...e})=>{const n=df();if(n){const r=no(n);if(r==="svg"||r==="head")return new sn("title",e,gs(t??[]))}return _s("title",t,e,!1)},f8=({children:t,...e})=>{const n=df();return["src","async"].some(r=>!e[r])||n&&no(n)==="head"?ms("script",t,e):_s("script",t,e,!1)},h8=({children:t,...e})=>["href","precedence"].every(n=>n in e)?(e["data-href"]=e.href,delete e.href,_s("style",t,e,!0)):ms("style",t,e),g8=({children:t,...e})=>["onLoad","onError"].some(n=>n in e)||e.rel==="stylesheet"&&(!("precedence"in e)||"disabled"in e)?ms("link",t,e):_s("link",t,e,"precedence"in e),m8=({children:t,...e})=>{const n=df();return n&&no(n)==="head"?ms("meta",t,e):_s("meta",t,e,!1)},y_=(t,{children:e,...n})=>new sn(t,n,gs(e??[])),_8=t=>(typeof t.action=="function"&&(t.action=Ya in t.action?t.action[Ya]:void 0),y_("form",t)),w_=(t,e)=>(typeof e.formAction=="function"&&(e.formAction=Ya in e.formAction?e.formAction[Ya]:void 0),y_(t,e)),y8=t=>w_("input",t),w8=t=>w_("button",t);const Ul=Object.freeze(Object.defineProperty({__proto__:null,button:w8,form:_8,input:y8,link:g8,meta:m8,script:f8,style:h8,title:p8},Symbol.toStringTag,{value:"Module"}));var v8=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Za=t=>v8.get(t)||t,v_=(t,e)=>{for(const[n,r]of Object.entries(t)){const i=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,o=>`-${o.toLowerCase()}`);e(i,r==null?null:typeof r=="number"?i.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${r}`:`${r}px`:r)}},Uo=void 
0,df=()=>Uo,b8=t=>/[A-Z]/.test(t)&&t.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?t.replace(/([A-Z])/g,"-$1").toLowerCase():t,x8=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],$8=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],pf=(t,e)=>{for(let n=0,r=t.length;n<r;n++){const i=t[n];if(typeof i=="string")hr(i,e);else{if(typeof i=="boolean"||i===null||i===void 0)continue;i instanceof sn?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?e[0]+=i:i instanceof Promise?e.unshift("",i):pf(i,e)}}},sn=class{constructor(t,e,n){xe(this,"tag");xe(this,"props");xe(this,"key");xe(this,"children");xe(this,"isEscaped",!0);xe(this,"localContexts");this.tag=t,this.props=e,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){var e,n;const t=[""];(e=this.localContexts)==null||e.forEach(([r,i])=>{r.values.push(i)});try{this.toStringToBuffer(t)}finally{(n=this.localContexts)==null||n.forEach(([r])=>{r.values.pop()})}return t.length===1?"callbacks"in t?f_(on(t[0],t.callbacks)).toString():t[0]:p_(t,t.callbacks)}toStringToBuffer(t){const e=this.tag,n=this.props;let{children:r}=this;t[0]+=`<${e}`;const i=Uo&&no(Uo)==="svg"?o=>b8(Za(o)):o=>Za(o);for(let[o,c]of Object.entries(n))if(o=i(o),o!=="children"){if(o==="style"&&typeof c=="object"){let l="";v_(c,(u,d)=>{d!=null&&(l+=`${l?";":""}${u}:${d}`)}),t[0]+=' style="',hr(l,t),t[0]+='"'}else if(typeof c=="string")t[0]+=` ${o}="`,hr(c,t),t[0]+='"';else if(c!=null)if(typeof c=="number"||c.isEscaped)t[0]+=` ${o}="${c}"`;else if(typeof c=="boolean"&&$8.includes(o))c&&(t[0]+=` ${o}=""`);else 
if(o==="dangerouslySetInnerHTML"){if(r.length>0)throw"Can only set one of `children` or `props.dangerouslySetInnerHTML`.";r=[on(c.__html)]}else if(c instanceof Promise)t[0]+=` ${o}="`,t.unshift('"',c);else if(typeof c=="function"){if(!o.startsWith("on"))throw`Invalid prop '${o}' of type 'function' supplied to '${e}'.`}else t[0]+=` ${o}="`,hr(c.toString(),t),t[0]+='"'}if(x8.includes(e)&&r.length===0){t[0]+="/>";return}t[0]+=">",pf(r,t),t[0]+=`</${e}>`}},Ml=class extends sn{toStringToBuffer(t){const{children:e}=this,n=this.tag.call(null,{...this.props,children:e.length<=1?e[0]:e});if(!(typeof n=="boolean"||n==null))if(n instanceof Promise)if(Li.length===0)t.unshift("",n);else{const r=Li.map(i=>[i,i.values.at(-1)]);t.unshift("",n.then(i=>(i instanceof sn&&(i.localContexts=r),i)))}else n instanceof sn?n.toStringToBuffer(t):typeof n=="number"||n.isEscaped?(t[0]+=n,n.callbacks&&(t.callbacks||(t.callbacks=[]),t.callbacks.push(...n.callbacks))):hr(n,t)}},b_=class extends sn{toStringToBuffer(t){pf(this.children,t)}},A8=(t,e,...n)=>{e??(e={}),n.length&&(e.children=n.length===1?n[0]:n);const r=e.key;delete e.key;const i=Zs(t,e,n);return i.key=r,i},_g=!1,Zs=(t,e,n)=>{if(!_g){for(const r in Rd)Ul[r][uf]=Rd[r];_g=!0}return typeof t=="function"?new Ml(t,e,n):Ul[t]?new Ml(Ul[t],e,n):t==="svg"||t==="head"?(Uo||(Uo=d8("")),new sn(t,e,[new Ml(Uo,{value:t},n)])):new sn(t,e,n)},ff=({children:t})=>new b_("",{children:t},Array.isArray(t)?t:t?[t]:[]),E8=(t,e,...n)=>A8(t.tag,{...t.props,...e},...n);function $(t,e,n){let r;if(!e||!("children"in e))r=Zs(t,e,[]);else{const i=e.children;r=Array.isArray(i)?Zs(t,e,i):Zs(t,e,[i])}return r.key=n,r}class hl extends Error{constructor(n,r=302){super(`Redirect to ${n}`);xe(this,"location");xe(this,"status");this.name=hl.name,this.location=n,this.status=r}}const 
yg={name:"sesamy",logoUrl:"https://assets.sesamy.com/static/images/email/sesamy-logo.png",style:{primaryColor:"#7D68F4",buttonTextColor:"#FFFFFF",primaryHoverColor:"#A091F2"},loginBackgroundImage:"",checkoutHideSocial:!1,supportEmail:"support@sesamy.com",supportUrl:"https://support.sesamy.com",siteUrl:"https://sesamy.com",termsAndConditionsUrl:"https://store.sesamy.com/pages/terms-of-service",manageSubscriptionsUrl:"https://account.sesamy.com/manage-subscriptions"};async function x_(t,e,n){if(!n&&!e)return yg;const r=n||e;try{const i=await fetch(`${t.API_URL}/profile/vendors/${r}/style`);if(!i.ok)throw new Error("Failed to fetch vendor settings");const o=await i.json();return gm.parse(o)}catch(i){return console.error(i),yg}}async function Je(t,e,n=!1){var d;const{env:r}=t,i=await r.data.loginSessions.get(t.var.tenant_id||"",e);if(!i)throw new B(400,{message:"Login session not found"});t.set("loginSession",i);const o=await fs(r,i.authParams.client_id);t.set("client_id",o.id),t.set("tenant_id",o.tenant.id);const c=await r.data.tenants.get(o.tenant.id);if(c){if(i.session_id&&!n){if(!i.authParams.redirect_uri)throw new B(400,{message:"Login session closed and no redirect URI available"});const f=new URL(i.authParams.redirect_uri);throw f.searchParams.set("error","access_denied"),f.searchParams.set("error_description","Login session closed"),i.authParams.state&&f.searchParams.set("state",i.authParams.state),new hl(f.toString(),302)}}else throw new B(400,{message:"Tenant not found"});const l=await x_(r,o.id,i.authParams.vendor_id),u=(d=i.authParams.ui_locales)==null?void 0:d.split(" ").map(f=>f.split("-")[0]).find(f=>{if(Array.isArray(U.options.supportedLngs))return U.options.supportedLngs.includes(f)});return await U.changeLanguage(u||c.language||"sv"),{vendorSettings:{...l,termsAndConditionsUrl:o.id==="fokus-app"?"https://www.fokus.se/kopvillkor-app/":l.termsAndConditionsUrl},client:o,tenant:c,loginSession:i}}async function k8(t,e,n,r){if(r!==void 0)return 
r==="password";const i=await op({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:n});return i!=null&&i.app_metadata.strategy?i.app_metadata.strategy==="Username-Password-Authentication":(await t.env.data.promptSettings.get(e.tenant.id)).password_first}const $_=({vendorSettings:t})=>t!=null&&t.logoUrl?$("div",{className:"flex h-9 items-center",children:$("img",{src:t.logoUrl,className:"max-h-full",alt:"Vendor logo"})}):$(ff,{}),A_=({vendorSettings:t})=>{const{termsAndConditionsUrl:e}=t;return $("div",{className:"mt-8",children:e&&$("div",{className:"text-xs text-gray-300",children:[U.t("agree_to")," ",$("a",{href:e,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:U.t("terms")})]})})};var E_={exports:{}};/*!
|
|
198
198
|
Copyright (c) 2018 Jed Watson.
|
|
199
199
|
Licensed under the MIT License (MIT), see
|
|
200
200
|
http://jedwatson.github.io/classnames
|
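--- a/package/dist/authhero.mjs
+++ b/package/dist/authhero.mjs
@@ -23097,7 +23097,8 @@ const P5 = ["email", "sms", "Username-Password-Authentication"], j5 = new Ce().o
 const U = await ps(e, n);
 t.set("client_id", U.id), t.set("tenant_id", U.tenant.id);
 const H = {
-redirect_uri: i,
+redirect_uri: i.split("#")[0],
+// Remove fragment if present
 scope: o,
 state: c,
 client_id: n,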
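Review bot: `i.split("#")[0]` on new line 23100 throws a TypeError if `i` is ever undefined or not a string, whereas the old `redirect_uri: i` passed the value through unchanged. Whether the request schema guarantees a string is not visible here, since the enclosing handler starts and ends outside the hunk. If it does not, guard the call, e.g. `redirect_uri: typeof i === "string" ? i.split("#")[0] : i,`. RFC 6749 §3.1.2 forbids a fragment in a redirection URI, so rejecting the request as invalid would be the stricter option. If stripping is kept, the check against the client's registered callbacks should presumably run on this same stripped value, so the URI that is validated is the one that is stored and redirected to. The comment would read better above the property and with the reason stated, e.g. `// RFC 6749 §3.1.2: redirect URIs must not carry a fragment; drop it before storing`.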