authhero 0.2.3 → 0.2.4

package/src/routes/oauth2/well-known.ts

@@ -1,178 +0,0 @@
-import {
-  jwksKeySchema,
-  openIDConfigurationSchema,
-} from "@authhero/adapter-interfaces";
-import { Bindings } from "../../types";
-import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
-
-export const wellKnownRoutes = new OpenAPIHono<{ Bindings: Bindings }>()
-  // --------------------------------
-  // GET /.well-known/jwks.json
-  // --------------------------------
-  .openapi(
-    createRoute({
-      tags: ["jwks"],
-      method: "get",
-      path: "/jwks.json",
-      request: {},
-      responses: {
-        200: {
-          content: {
-            "application/json": {
-              schema: jwksKeySchema,
-            },
-          },
-          description: "List of tenants",
-        },
-      },
-    }),
-    async (ctx) => {
-      const { env } = ctx;
-
-      // const certificates = await env.data.keys.list();
-      // const keys = certificates.map((cert) => {
-      //   const { alg, n, e, kty } = JSON.parse(cert.public_key);
-      //   if (!alg || !e || !kty || !n) {
-      //     throw new Error("Invalid public key");
-      //   }
-
-      //   return jwksSchema.parse({
-      //     kid: cert.kid,
-      //     alg,
-      //     n,
-      //     e,
-      //     kty,
-      //   });
-      // });
-
-      // TODO: This is a stub implementation. Replace with the actual implementation
-      const keys = [
-        {
-          alg: "RS256",
-          e: "AQAB",
-          kid: "hZ42TWGWLdmyKfwGVA6c2",
-          kty: "RSA",
-          n: "nUd-mktFZQNfVwmXufxcVcvJo6Lkb-jDuymtfQunmEhWCctOccWx9e7LX7_9uN15ZnRS7XJInPMRs9KLYdZ0GCnE2HM_QbrEoHpdkCRgyTE-KzmoaEv_AOVGE_Kg0-0ct3r9Z7aJLDVAsxXl1C9y8Gr7ZYkq0c4DyZr9VT8nQiwZQERbfxXdXw-5RLj21S_Lm-LL-AjKvry_TDBLpfUFJV18SVsM07lY_V45TwykNewRdaGLspFIeGdG5j5eByV8ifzBqvzOSptSCsmOTtW-ceWUk0FPD7g_KKzjjbzenoB0TC8mBb_4vWZlHnuGIAs2YoTFglp9uNu7t_OVl3Svo6ZE6alzUnaNfZNeAi78KPHYQ4tDWPjpYNfGynsiD0nojkDSPCIak56jWNYjj614cPEBiv9MVQRiSbBxpiGhMoHlW_QCCPMcXygLAaRs_tUksqoH4QB80krifG2yHPgGDPjXK1_0cYzV80iOcQIeoceqhkSSc6YxzzgDrQcsV2k3bizRQSL83GWkpdHhTZn-Q_JzsW_bDY_f9fjigYbRnoDSgS7038VFIPc92StE41MdgvIQMomcyEE4lYK1uv1Mo6cnXbCZhm8tvddo7VKNorOB4nsiv8DGrWPlzQBca9VN4C1oE2mH-3WLFR7XEkBHWVouOdTWM2S3K9F10YtahkM",
-        },
-      ];
-
-      return ctx.json(
-        { keys },
-        {
-          headers: {
-            "access-control-allow-origin": "*",
-            "access-control-allow-method": "GET",
-            "cache-control": `public, max-age=${env.JWKS_CACHE_TIMEOUT_IN_SECONDS}, stale-while-revalidate=${
-              env.JWKS_CACHE_TIMEOUT_IN_SECONDS * 2
-            }, stale-if-error=86400`,
-          },
-        },
-      );
-    },
-  )
-  // --------------------------------
-  // GET /.well-known/openid-configuration
-  // --------------------------------
-  .openapi(
-    createRoute({
-      tags: ["well known"],
-      method: "get",
-      path: "/openid-configuration",
-      request: {},
-      responses: {
-        200: {
-          content: {
-            "application/json": {
-              schema: openIDConfigurationSchema,
-            },
-          },
-          description: "List of tenants",
-        },
-      },
-    }),
-    async (ctx) => {
-      const { env } = ctx;
-      const { ISSUER } = env;
-
-      const result = openIDConfigurationSchema.parse({
-        issuer: ISSUER,
-        authorization_endpoint: `${ISSUER}authorize`,
-        token_endpoint: `${ISSUER}oauth/token`,
-        device_authorization_endpoint: `${ISSUER}oauth/device/code`,
-        userinfo_endpoint: `${ISSUER}userinfo`,
-        mfa_challenge_endpoint: `${ISSUER}mfa/challenge`,
-        jwks_uri: `${ISSUER}.well-known/jwks.json`,
-        registration_endpoint: `${ISSUER}oidc/register`,
-        revocation_endpoint: `${ISSUER}oauth/revoke`,
-        scopes_supported: [
-          "openid",
-          "profile",
-          "offline_access",
-          "name",
-          "given_name",
-          "family_name",
-          "nickname",
-          "email",
-          "email_verified",
-          "picture",
-          "created_at",
-          "identities",
-          "phone",
-          "address",
-        ],
-        response_types_supported: [
-          "code",
-          "token",
-          "id_token",
-          "code token",
-          "code id_token",
-          "token id_token",
-          "code token id_token",
-        ],
-        code_challenge_methods_supported: ["S256", "plain"],
-        response_modes_supported: ["query", "fragment", "form_post"],
-        subject_types_supported: ["public"],
-        id_token_signing_alg_values_supported: ["HS256", "RS256"],
-        token_endpoint_auth_methods_supported: [
-          "client_secret_basic",
-          "client_secret_post",
-          "private_key_jwt",
-        ],
-        claims_supported: [
-          "aud",
-          "auth_time",
-          "created_at",
-          "email",
-          "email_verified",
-          "exp",
-          "family_name",
-          "given_name",
-          "iat",
-          "identities",
-          "iss",
-          "name",
-          "nickname",
-          "phone_number",
-          "picture",
-          "sub",
-        ],
-        request_uri_parameter_supported: false,
-        request_parameter_supported: false,
-        token_endpoint_auth_signing_alg_values_supported: [
-          "RS256",
-          "RS384",
-          "PS256",
-        ],
-      });
-
-      return ctx.json(result, {
-        headers: {
-          "access-control-allow-origin": "*",
-          "access-control-allow-method": "GET",
-          "cache-control": `public, max-age=${env.JWKS_CACHE_TIMEOUT_IN_SECONDS}, stale-while-revalidate=${
-            env.JWKS_CACHE_TIMEOUT_IN_SECONDS * 2
-          }, stale-if-error=86400`,
-        },
-      });
-    },
-  );

package/src/types/Bindings.ts

@@ -1,12 +0,0 @@
-import { DataAdapters } from "@authhero/adapter-interfaces";
-
-export type Bindings = {
-  ISSUER: string;
-  ENVIRONMENT: string;
-  AUTH_URL: string;
-
-  data: DataAdapters;
-
-  // Constants
-  JWKS_CACHE_TIMEOUT_IN_SECONDS: number;
-};

package/src/types/Query.ts

@@ -1,42 +0,0 @@
-import { z } from "@hono/zod-openapi";
-
-export const querySchema = z.object({
-  page: z
-    .string()
-    .min(0)
-    .optional()
-    .default("0")
-    .transform((p) => parseInt(p, 10))
-    .openapi({
-      description: "The page number where 0 is the first page",
-    }),
-  per_page: z
-    .string()
-    .min(1)
-    .optional()
-    .default("10")
-    .transform((p) => parseInt(p, 10))
-    .openapi({
-      description: "The number of items per page",
-    }),
-  include_totals: z
-    .string()
-    .optional()
-    .default("false")
-    .transform((it) => it === "true")
-    .openapi({
-      description:
-        "If the total number of items should be included in the response",
-    }),
-  sort: z
-    .string()
-    .regex(/^.+:(-1|1)$/)
-    .optional()
-    .openapi({
-      description:
-        "A property that should have the format 'string:-1' or 'string:1'",
-    }),
-  q: z.string().optional().openapi({
-    description: "A lucene query string used to filter the results",
-  }),
-});

package/src/types/Variables.ts

@@ -1,3 +0,0 @@
-export type Variables = {
-  tenant_id: string;
-};

package/src/types/index.ts

@@ -1,3 +0,0 @@
-export * from "./Variables";
-export * from "./Bindings";
-export * from "./Query";

package/src/utils/parse-sort.ts

@@ -1,18 +0,0 @@
-export function parseSort(sort?: string):
-  | undefined
-  | {
-      sort_by: string;
-      sort_order: "asc" | "desc";
-    } {
-  if (!sort) {
-    return undefined;
-  }
-
-  const [sort_by = "", orderString] = sort.split(":");
-  const sort_order = orderString === "1" ? "asc" : "desc";
-
-  return {
-    sort_by,
-    sort_order,
-  };
-}

package/src/utils/users.ts

@@ -1,130 +0,0 @@
-import { User, UserDataAdapter } from "@authhero/adapter-interfaces";
-
-export async function getUsersByEmail(
-  userAdapter: UserDataAdapter,
-  tenantId: string,
-  email: string,
-): Promise<User[]> {
-  const response = await userAdapter.list(tenantId, {
-    page: 0,
-    per_page: 10,
-    include_totals: false,
-    q: `email:${email}`,
-  });
-
-  return response.users;
-}
-
-interface GetUserByEmailAndProviderParams {
-  userAdapter: UserDataAdapter;
-  tenant_id: string;
-  email: string;
-  provider: string;
-}
-
-export async function getUserByEmailAndProvider({
-  userAdapter,
-  tenant_id,
-  email,
-  provider,
-}: GetUserByEmailAndProviderParams): Promise<User | null> {
-  const { users } = await userAdapter.list(tenant_id, {
-    page: 0,
-    per_page: 10,
-    include_totals: false,
-    q: `email:${email} provider:${provider}`,
-  });
-
-  if (users.length > 1) {
-    console.error("More than one user found for same email and provider");
-  }
-
-  return users[0] || null;
-}
-
-interface GetPrimaryUserByEmailParams {
-  userAdapter: UserDataAdapter;
-  tenant_id: string;
-  email: string;
-}
-
-export async function getPrimaryUserByEmail({
-  userAdapter,
-  tenant_id,
-  email,
-}: GetPrimaryUserByEmailParams): Promise<User | undefined> {
-  const { users: usersWithUnverifiedPasswordAccounts } = await userAdapter.list(
-    tenant_id,
-    {
-      page: 0,
-      per_page: 10,
-      include_totals: false,
-      q: `email:${email}`,
-    },
-  );
-
-  // filter out unverified accounts
-  const users = usersWithUnverifiedPasswordAccounts.filter(
-    // maybe we should do this for all providers
-    (user) => !(user.provider === "auth2" && !user.email_verified),
-  );
-
-  if (users.length === 0) {
-    return;
-  }
-
-  const primaryUsers = users.filter((user) => !user.linked_to);
-
-  if (primaryUsers.length > 0) {
-    if (primaryUsers.length > 1) {
-      console.error("More than one primary user found for same email");
-    }
-
-    return primaryUsers[0];
-  }
-
-  // so now we have only linked users for this email address
-
-  // I am going to assume that all the linked users with the same email address
-  // are linked to the same primary account
-
-  const primaryAccount = await userAdapter.get(tenant_id, users[0]?.linked_to!);
-
-  if (!primaryAccount) {
-    // this is a real error where we should interrupt the flow
-    throw new Error("Primary account not found");
-  }
-
-  return primaryAccount;
-}
-
-interface GetPrimaryUserByEmailAndProviderParams {
-  userAdapter: UserDataAdapter;
-  tenant_id: string;
-  email: string;
-  provider: string;
-}
-
-export async function getPrimaryUserByEmailAndProvider({
-  userAdapter,
-  tenant_id,
-  email,
-  provider,
-}: GetPrimaryUserByEmailAndProviderParams): Promise<User | null> {
-  const user = await getUserByEmailAndProvider({
-    userAdapter,
-    tenant_id,
-    email,
-    provider,
-  });
-
-  if (!user) {
-    return null;
-  }
-
-  if (!user.linked_to) {
-    return user;
-  }
-
-  return userAdapter.get(tenant_id, user.linked_to);
-}

package/src/vite-env.d.ts

@@ -1 +0,0 @@
-/// <reference types="vite/client" />

package/tsconfig.json

@@ -1,11 +0,0 @@
-{
-  "extends": "../../tsconfig.json",
-  "compilerOptions": {
-    // "noEmit": true,
-    "baseUrl": ".",
-    "outDir": "./dist",
-    "rootDir": "./src"
-  },
-  "include": ["src"],
-  "references": [{ "path": "./tsconfig.node.json" }]
-}

package/tsconfig.node.json

@@ -1,4 +0,0 @@
-{
-  "extends": "../../tsconfig.node.json",
-  "include": ["vite.config.ts"]
-}

package/vite.config.ts

@@ -1,41 +0,0 @@
-import path from "path";
-import { defineConfig } from "vite";
-
-const getPackageName = () => {
-  return "authhero";
-};
-
-const getPackageNameCamelCase = () => {
-  try {
-    return getPackageName().replace(/-./g, (char) => char[1].toUpperCase());
-  } catch (err) {
-    throw new Error("Name property in package.json is missing.");
-  }
-};
-
-const fileName = {
-  es: `${getPackageName()}.mjs`,
-  cjs: `${getPackageName()}.cjs`,
-  iife: `${getPackageName()}.iife.js`,
-};
-
-const formats = Object.keys(fileName) as Array<keyof typeof fileName>;
-
-module.exports = defineConfig({
-  base: "./",
-  build: {
-    outDir: "./dist",
-    lib: {
-      entry: path.resolve(__dirname, "src/index.ts"),
-      name: getPackageNameCamelCase(),
-      formats,
-      fileName: (format) => fileName[format],
-    },
-  },
-  resolve: {
-    alias: [
-      { find: "@", replacement: path.resolve(__dirname, "src") },
-      { find: "@@", replacement: path.resolve(__dirname) },
-    ],
-  },
-});