authhero 8.14.0 → 8.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/authhero.mjs CHANGED
@@ -8517,7 +8517,7 @@ var ane = (e, t) => {
8517
8517
  }, Yd = (e, t, n, r) => {
8518
8518
  let i = une(t, n, r);
8519
8519
  e.header("Set-Cookie", i, { append: !0 });
8520
- }, Xd = "mr4iipyz", dne = /* @__PURE__ */ p({
8520
+ }, Xd = "mr4p633u", dne = /* @__PURE__ */ p({
8521
8521
  common: () => Zd,
8522
8522
  consent: () => Qd,
8523
8523
  default: () => fne,
@@ -45621,7 +45621,7 @@ async function LH(e, t, n, r, i = N.USERNAME_PASSWORD) {
45621
45621
  code: "TOO_MANY_FAILED_LOGINS"
45622
45622
  });
45623
45623
  let f = await a.passwords.get(t.tenant.id, u.user_id), p = f && await a_.compare(n.password, f.password);
45624
- if (!p) {
45624
+ if (!p && !f) {
45625
45625
  let r = await fH(e, t.tenant.id, u.connection);
45626
45626
  r?.options?.import_mode === !0 && await DH({
45627
45627
  ctx: e,
@@ -51659,53 +51659,68 @@ var CY = r.object({
51659
51659
  handler: async (e) => {
51660
51660
  let t = e.var.tenant_id, n = e.req.query("include_password_hashes") === "true";
51661
51661
  n && _Y(e, pY);
51662
- let r = e.req.query("gzip") !== "false", i = new TextEncoder(), a = sY(e.env.data, t, { includePasswordHashes: n })[Symbol.asyncIterator](), o = 0, s = !1, c;
51662
+ let r = e.req.query("gzip") !== "false", i = new TextEncoder(), a = sY(e.env.data, t, { includePasswordHashes: n })[Symbol.asyncIterator](), o = 0, s = !1, c = [], l = 0, u = !1;
51663
51663
  try {
51664
- c = await a.next();
51664
+ for (; c.length < 1e3 && l < 1048576;) {
51665
+ let { value: e, done: t } = await a.next();
51666
+ if (t) {
51667
+ u = !0;
51668
+ break;
51669
+ }
51670
+ let n = i.encode(JSON.stringify(e) + "\n");
51671
+ c.push(n), l += n.byteLength, o += 1;
51672
+ }
51665
51673
  } catch (r) {
51666
51674
  throw await P(e, t, {
51667
51675
  type: M.FAILED_API_OPERATION,
51668
- description: `Tenant export failed (password_hashes=${n}) by ${e.var.user?.sub ?? "unknown"}: ${r instanceof Error ? r.message : String(r)}`,
51676
+ description: `Tenant export failed after ${o} rows (password_hashes=${n}) by ${e.var.user?.sub ?? "unknown"}: ${r instanceof Error ? r.message : String(r)}`,
51669
51677
  targetType: "tenant",
51670
51678
  targetId: t
51671
- }), new _(500, { message: "Tenant export failed" });
51679
+ }).catch(() => {}), new _(500, { message: "Tenant export failed" });
51672
51680
  }
51673
- let l = c, u = new ReadableStream({
51681
+ let d = new ReadableStream({
51674
51682
  async pull(r) {
51683
+ let l = c.shift();
51684
+ if (l) {
51685
+ r.enqueue(l);
51686
+ return;
51687
+ }
51675
51688
  try {
51676
- let { value: c, done: u } = l ?? await a.next();
51677
- if (l = void 0, u) {
51689
+ let c = u ? void 0 : await a.next();
51690
+ if (!c || c.done) {
51678
51691
  s || (s = !0, await P(e, t, {
51679
51692
  type: M.SUCCESS_API_OPERATION,
51680
51693
  description: `Tenant export (${o} rows, password_hashes=${n}) by ${e.var.user?.sub ?? "unknown"}`,
51681
51694
  targetType: "tenant",
51682
- targetId: t
51683
- })), r.close();
51695
+ targetId: t,
51696
+ waitForCompletion: !0
51697
+ }).catch(() => {})), r.close();
51684
51698
  return;
51685
51699
  }
51686
- o += 1, r.enqueue(i.encode(JSON.stringify(c) + "\n"));
51700
+ o += 1, r.enqueue(i.encode(JSON.stringify(c.value) + "\n"));
51687
51701
  } catch (i) {
51688
51702
  s || (s = !0, await P(e, t, {
51689
51703
  type: M.FAILED_API_OPERATION,
51690
51704
  description: `Tenant export failed after ${o} rows (password_hashes=${n}) by ${e.var.user?.sub ?? "unknown"}: ${i instanceof Error ? i.message : String(i)}`,
51691
51705
  targetType: "tenant",
51692
- targetId: t
51693
- })), r.error(i);
51706
+ targetId: t,
51707
+ waitForCompletion: !0
51708
+ }).catch(() => {})), r.error(i);
51694
51709
  }
51695
51710
  },
51696
51711
  async cancel() {
51697
51712
  await a.return?.(void 0);
51698
51713
  }
51699
51714
  });
51700
- if (!r) return new Response(u, {
51715
+ if (!r) return new Response(d, {
51701
51716
  status: 200,
51702
51717
  headers: {
51703
51718
  "content-type": "application/x-ndjson",
51704
51719
  "content-disposition": `attachment; filename="${t}-export.jsonl"`
51705
51720
  }
51706
51721
  });
51707
- let d = u.pipeThrough(new CompressionStream("gzip"));
51708
- return new Response(d, {
51722
+ let f = d.pipeThrough(new CompressionStream("gzip"));
51723
+ return new Response(f, {
51709
51724
  status: 200,
51710
51725
  headers: {
51711
51726
  "content-type": "application/gzip",
@@ -58358,7 +58373,8 @@ var l2 = F({
58358
58373
  allowSubDomainWildcards: !0
58359
58374
  })) throw new _(400, { message: `Invalid redirect URI - ${O.redirect_uri}` });
58360
58375
  }
58361
- if (O.audience) {
58376
+ let le = `${ba(e.env, e.var.custom_domain)}userinfo`;
58377
+ if (O.audience && O.audience !== le) {
58362
58378
  let { resource_servers: n } = await t.data.resourceServers.list(D.tenant.id);
58363
58379
  if (!n.some((e) => e.identifier === O.audience)) {
58364
58380
  let t = {
@@ -58374,19 +58390,19 @@ var l2 = F({
58374
58390
  throw new _(403, { message: `Service not found: ${O.audience}` });
58375
58391
  }
58376
58392
  }
58377
- let le, ue = Kie(D.tenant.id, e.req.header("cookie"));
58378
- for (let e of ue) {
58393
+ let ue, de = Kie(D.tenant.id, e.req.header("cookie"));
58394
+ for (let e of de) {
58379
58395
  let n = await t.data.sessions.get(D.tenant.id, e);
58380
58396
  if (n && !n.revoked_at) {
58381
- le = n;
58397
+ ue = n;
58382
58398
  break;
58383
58399
  }
58384
58400
  }
58385
- if (D.sso_disabled && (le = void 0), h == "none") {
58401
+ if (D.sso_disabled && (ue = void 0), h == "none") {
58386
58402
  if (!se || !T || !d) throw new _(400, { message: "Missing required parameters for silent auth: redirect_uri, state, and response_type" });
58387
58403
  return V0({
58388
58404
  ctx: e,
58389
- session: le || void 0,
58405
+ session: ue || void 0,
58390
58406
  redirect_uri: se,
58391
58407
  state: T,
58392
58408
  response_type: d,
@@ -58407,17 +58423,17 @@ var l2 = F({
58407
58423
  let t = await z0(e, D.tenant.id, ee, O, te);
58408
58424
  return t instanceof Response ? t : e.json(t);
58409
58425
  }
58410
- let de = await L0({
58426
+ let fe = await L0({
58411
58427
  ctx: e,
58412
58428
  client: D,
58413
58429
  auth0Client: ne,
58414
58430
  authParams: O,
58415
- session: le || void 0,
58431
+ session: ue || void 0,
58416
58432
  connection: E,
58417
58433
  login_hint: y,
58418
58434
  screen_hint: re
58419
58435
  });
58420
- return de instanceof Response ? de : e.json(de);
58436
+ return fe instanceof Response ? fe : e.json(fe);
58421
58437
  }
58422
58438
  }), u2 = F({
58423
58439
  route: t({