npm - bezzie - Versions diffs - 0.1.0 - Mend

bezzie 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/LICENSE +21 -0
package/README.md +202 -0
package/dist/adapters/cloudflare-kv.d.ts +10 -0
package/dist/adapters/cloudflare-kv.d.ts.map +1 -0
package/dist/adapters/cloudflare-kv.js +22 -0
package/dist/adapters/cloudflare-kv.js.map +1 -0
package/dist/adapters/index.d.ts +5 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +5 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/memory.d.ts +9 -0
package/dist/adapters/memory.d.ts.map +1 -0
package/dist/adapters/memory.js +23 -0
package/dist/adapters/memory.js.map +1 -0
package/dist/adapters/redis.d.ts +17 -0
package/dist/adapters/redis.d.ts.map +1 -0
package/dist/adapters/redis.js +19 -0
package/dist/adapters/redis.js.map +1 -0
package/dist/adapters/types.d.ts +41 -0
package/dist/adapters/types.d.ts.map +1 -0
package/dist/adapters/types.js +2 -0
package/dist/adapters/types.js.map +1 -0
package/dist/index.d.ts +109 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +73 -0
package/dist/index.js.map +1 -0
package/dist/middleware.d.ts +22 -0
package/dist/middleware.d.ts.map +1 -0
package/dist/middleware.js +81 -0
package/dist/middleware.js.map +1 -0
package/dist/routes.d.ts +5 -0
package/dist/routes.d.ts.map +1 -0
package/dist/routes.js +131 -0
package/dist/routes.js.map +1 -0
package/dist/session.d.ts +33 -0
package/dist/session.d.ts.map +1 -0
package/dist/session.js +2 -0
package/dist/session.js.map +1 -0
package/package.json +46 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 neilpmas
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,202 @@
+# Bezzie
+**Bezzie** — your BFF's BFF. Handles the Backend for Frontend OAuth pattern so you don't have to.
+A BFF (Backend for Frontend) OAuth 2.0 auth library for Cloudflare Workers.
+Implements the [OAuth 2.0 for Browser-Based Apps (BCP212)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps) pattern — JWTs never touch the browser. The BFF owns the OAuth flow and issues a session cookie to the frontend instead.
+```
+npm install bezzie
+```
+---
+## Why
+Most OAuth libraries hand tokens directly to the browser. BCP212 says you shouldn't — it's a significant attack surface. Bezzie keeps tokens server-side in Cloudflare KV and gives the browser a session cookie instead.
+There's no open source library for this specific combination (BFF OAuth on Cloudflare Workers). The closest alternatives are Duende BFF (.NET) and `@auth0/nextjs-auth0` — both tied to specific frameworks.
+---
+## Usage
+```typescript
+import { createBezzie, providers, cloudflareKV } from 'bezzie'
+const auth = createBezzie({
+  ...providers.auth0('your-tenant.auth0.com'),
+  clientId: 'xxx',
+  clientSecret: env.AUTH0_CLIENT_SECRET,
+  audience: 'https://api.yourproject.com',
+  adapter: cloudflareKV(env.SESSION_KV),
+  baseUrl: 'https://app.yourproject.com',
+})
+// Mount auth routes
+app.route('/auth', auth.routes())
+// Protect API routes
+app.use('/api/*', auth.middleware())
+```
+This gives you:
+| Route | Description |
+|---|---|
+| `GET /auth/login` | Redirects to provider, initiates Authorization Code + PKCE flow. Supports `returnTo` query param for post-login redirect. |
+| `GET /auth/callback` | Exchanges code for tokens, stores session in KV, sets cookie. |
+| `GET /auth/logout` | Clears session, clears cookie, redirects to provider logout. |
+---
+## Accessing User Identity
+After `auth.middleware()`, downstream handlers can access the user identity and the current access token via `c.var`:
+```typescript
+app.get('/api/me', (c) => {
+  const user = c.var.user
+  const token = c.var.accessToken
+  return c.json({ user })
+})
+```
+## Forwarding Upstream
+The `accessToken` on the context is intended for the app to forward to an upstream service (e.g., a Spring Boot API or any other microservice), since Bezzie doesn't mutate request headers directly.
+```typescript
+app.all('/api/proxy/*', async (c) => {
+  const url = new URL(c.req.url)
+  const target = `https://api.upstream.com${url.pathname}${url.search}`
+  return fetch(target, {
+    method: c.req.method,
+    headers: {
+      ...c.req.header(),
+      'Authorization': `Bearer ${c.var.accessToken}`
+    },
+    body: c.req.raw.body
+  })
+})
+```
+---
+## How It Works
+### Login Flow
+```
+Browser → BFF /auth/login → Auth0 (Authorization Code + PKCE)
+                                    │
+                               code returned
+                                    │
+              BFF exchanges code → tokens stored in KV
+              BFF issues HttpOnly session cookie → Browser
+```
+### Per-Request Flow
+1. Browser sends request to BFF with session cookie
+2. BFF looks up session in KV, retrieves access token
+3. BFF validates JWT (via JWKS, using Web Crypto API)
+4. If expired, BFF uses refresh token to get a new one and updates KV
+5. BFF forwards request upstream with `Authorization: Bearer <token>`
+### Session Storage
+Sessions are stored in Cloudflare KV:
+```
+sessionId → { accessToken, refreshToken, expiresAt, user }
+```
+KV TTL is aligned with the refresh token lifetime. When the refresh token expires, the user must log in again.
+---
+## Adapters
+Bezzie supports multiple session storage backends:
+### Cloudflare KV
+Recommended for production on Cloudflare Workers.
+```typescript
+import { cloudflareKV } from 'bezzie'
+// ...
+adapter: cloudflareKV(env.SESSION_KV)
+```
+### Redis (Upstash)
+Good for cross-region session consistency.
+```typescript
+import { RedisAdapter } from 'bezzie'
+// ...
+adapter: new RedisAdapter({ url: env.REDIS_URL, token: env.REDIS_TOKEN })
+```
+### Memory
+Useful for local development and testing. Do not use in production.
+```typescript
+import { MemoryAdapter } from 'bezzie'
+// ...
+adapter: new MemoryAdapter()
+```
+---
+## Configuration
+| Option | Type | Description |
+|---|---|---|
+| `issuer` | `string` | Your OIDC provider issuer URL (e.g. `https://tenant.auth0.com`) |
+| `clientId` | `string` | OAuth client ID |
+| `clientSecret` | `string` | OAuth client secret — keep in Workers secrets |
+| `audience` | `string` | API audience identifier |
+| `adapter` | `SessionAdapter` | Session adapter (e.g. `cloudflareKV(env.SESSION_KV)`) |
+| `baseUrl` | `string` | Base URL of your application (used for callback and redirects) |
+| `providerHints` | `object` | Optional tweaks for specific providers (`logoutUrl`, `tokenEndpoint`) |
+---
+## Cloudflare Setup
+Add a KV namespace to your `wrangler.toml`:
+```toml
+[[kv_namespaces]]
+binding = "SESSION_KV"
+id = "<your-kv-namespace-id>"
+```
+Add your client secret as a Workers secret:
+```sh
+wrangler secret put AUTH0_CLIENT_SECRET
+```
+---
+## Stack
+| Component | Choice |
+|---|---|
+| Runtime | Cloudflare Workers |
+| Router | Hono |
+| OAuth | `oauth4webapi` (spec-compliant, no Node.js deps) |
+| Session storage | Cloudflare KV |
+---
+## Status
+v0.1.0 — pre-release
+---
+## License
+MIT

package/dist/adapters/cloudflare-kv.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { Session } from '../session';
+import { SessionAdapter, PKCEState } from './types';
+export declare class CloudflareKVAdapter implements SessionAdapter {
+    private kv;
+    constructor(kv: KVNamespace);
+    get(sessionId: string): Promise<Session | PKCEState | null>;
+    set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+}
+//# sourceMappingURL=cloudflare-kv.d.ts.map

package/dist/adapters/cloudflare-kv.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cloudflare-kv.d.ts","sourceRoot":"","sources":["../../src/adapters/cloudflare-kv.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAEnD,qBAAa,mBAAoB,YAAW,cAAc;IAC5C,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,WAAW;IAE7B,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC;IAK3D,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IASvF,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}

package/dist/adapters/cloudflare-kv.js ADDED Viewed

@@ -0,0 +1,22 @@
+export class CloudflareKVAdapter {
+    kv;
+    constructor(kv) {
+        this.kv = kv;
+    }
+    async get(sessionId) {
+        const session = await this.kv.get(sessionId, 'json');
+        return session;
+    }
+    async set(sessionId, session, ttlSeconds) {
+        if (ttlSeconds < 60) {
+            throw new Error('Bezzie: KV TTL must be at least 60 seconds');
+        }
+        await this.kv.put(sessionId, JSON.stringify(session), {
+            expirationTtl: ttlSeconds,
+        });
+    }
+    async delete(sessionId) {
+        await this.kv.delete(sessionId);
+    }
+}
+//# sourceMappingURL=cloudflare-kv.js.map

package/dist/adapters/cloudflare-kv.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cloudflare-kv.js","sourceRoot":"","sources":["../../src/adapters/cloudflare-kv.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,mBAAmB;IACV;IAApB,YAAoB,EAAe;QAAf,OAAE,GAAF,EAAE,CAAa;IAAG,CAAC;IAEvC,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAsB,SAAS,EAAE,MAAM,CAAC,CAAA;QACzE,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB,EAAE,OAA4B,EAAE,UAAkB;QAC3E,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;YACpD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;CACF"}

package/dist/adapters/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from './types';
+export * from './cloudflare-kv';
+export * from './redis';
+export * from './memory';
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA;AACvB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA;AACvB,cAAc,UAAU,CAAA"}

package/dist/adapters/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+export * from './types';
+export * from './cloudflare-kv';
+export * from './redis';
+export * from './memory';
+//# sourceMappingURL=index.js.map

package/dist/adapters/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA;AACvB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA;AACvB,cAAc,UAAU,CAAA"}

package/dist/adapters/memory.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { Session } from '../session';
+import { SessionAdapter, PKCEState } from './types';
+export declare class MemoryAdapter implements SessionAdapter {
+    private store;
+    get(sessionId: string): Promise<Session | PKCEState | null>;
+    set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+}
+//# sourceMappingURL=memory.d.ts.map

package/dist/adapters/memory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/adapters/memory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAOnD,qBAAa,aAAc,YAAW,cAAc;IAClD,OAAO,CAAC,KAAK,CAAmC;IAE1C,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC;IAU3D,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvF,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}

package/dist/adapters/memory.js ADDED Viewed

@@ -0,0 +1,23 @@
+export class MemoryAdapter {
+    store = new Map();
+    async get(sessionId) {
+        const entry = this.store.get(sessionId);
+        if (!entry)
+            return null;
+        if (Date.now() > entry.expiresAt) {
+            this.store.delete(sessionId);
+            return null;
+        }
+        return entry.session;
+    }
+    async set(sessionId, session, ttlSeconds) {
+        this.store.set(sessionId, {
+            session,
+            expiresAt: Date.now() + ttlSeconds * 1000,
+        });
+    }
+    async delete(sessionId) {
+        this.store.delete(sessionId);
+    }
+}
+//# sourceMappingURL=memory.js.map

package/dist/adapters/memory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"memory.js","sourceRoot":"","sources":["../../src/adapters/memory.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,aAAa;IAChB,KAAK,GAAG,IAAI,GAAG,EAAyB,CAAA;IAEhD,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;YAC5B,OAAO,IAAI,CAAA;QACb,CAAC;QACD,OAAO,KAAK,CAAC,OAAO,CAAA;IACtB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB,EAAE,OAA4B,EAAE,UAAkB;QAC3E,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI;SAC1C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAC9B,CAAC;CACF"}

package/dist/adapters/redis.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { Session } from '../session';
+import { SessionAdapter, PKCEState } from './types';
+export interface RedisClient {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string, options?: {
+        ex?: number;
+    }): Promise<unknown>;
+    del(key: string): Promise<unknown>;
+}
+export declare class RedisAdapter implements SessionAdapter {
+    private redis;
+    constructor(redis: RedisClient);
+    get(sessionId: string): Promise<Session | PKCEState | null>;
+    set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+}
+//# sourceMappingURL=redis.d.ts.map

package/dist/adapters/redis.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../src/adapters/redis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAEnD,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IACxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAC5E,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACnC;AAED,qBAAa,YAAa,YAAW,cAAc;IACrC,OAAO,CAAC,KAAK;gBAAL,KAAK,EAAE,WAAW;IAEhC,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC;IAM3D,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvF,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}

package/dist/adapters/redis.js ADDED Viewed

@@ -0,0 +1,19 @@
+export class RedisAdapter {
+    redis;
+    constructor(redis) {
+        this.redis = redis;
+    }
+    async get(sessionId) {
+        const session = await this.redis.get(sessionId);
+        if (!session)
+            return null;
+        return JSON.parse(session);
+    }
+    async set(sessionId, session, ttlSeconds) {
+        await this.redis.set(sessionId, JSON.stringify(session), { ex: ttlSeconds });
+    }
+    async delete(sessionId) {
+        await this.redis.del(sessionId);
+    }
+}
+//# sourceMappingURL=redis.js.map

package/dist/adapters/redis.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"redis.js","sourceRoot":"","sources":["../../src/adapters/redis.ts"],"names":[],"mappings":"AASA,MAAM,OAAO,YAAY;IACH;IAApB,YAAoB,KAAkB;QAAlB,UAAK,GAAL,KAAK,CAAa;IAAG,CAAC;IAE1C,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC/C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAwB,CAAA;IACnD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB,EAAE,OAA4B,EAAE,UAAkB;QAC3E,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,CAAA;IAC9E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;CACF"}

package/dist/adapters/types.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { Session } from '../session';
+/**
+ * Temporary state for the PKCE OAuth flow.
+ */
+export interface PKCEState {
+    /**
+     * Code verifier for PKCE.
+     */
+    codeVerifier: string;
+    /**
+     * URL to redirect to after successful authentication.
+     */
+    returnTo?: string;
+}
+/**
+ * Interface for session storage adapters.
+ */
+export interface SessionAdapter {
+    /**
+     * Retrieves a session or PKCE state by ID.
+     *
+     * @param sessionId Session ID
+     * @returns Session, PKCE state, or null if not found
+     */
+    get(sessionId: string): Promise<Session | PKCEState | null>;
+    /**
+     * Stores a session or PKCE state.
+     *
+     * @param sessionId Session ID
+     * @param session Session or PKCE state
+     * @param ttlSeconds Time-to-live in seconds
+     */
+    set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
+    /**
+     * Deletes a session or PKCE state.
+     *
+     * @param sessionId Session ID
+     */
+    delete(sessionId: string): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/adapters/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEpC;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;OAKG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC,CAAA;IAE3D;;;;;;OAMG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEvF;;;;OAIG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACzC"}

package/dist/adapters/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.js.map

package/dist/adapters/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":""}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,109 @@
+import { Hono, type MiddlewareHandler } from 'hono';
+import { type Variables } from './middleware';
+import { type SessionAdapter } from './session';
+/**
+ * Configuration for Bezzie.
+ */
+export interface BezzieConfig {
+    /**
+     * Your OIDC provider issuer URL (e.g. `https://tenant.auth0.com`).
+     */
+    issuer: string;
+    /**
+     * OAuth client ID.
+     */
+    clientId: string;
+    /**
+     * OAuth client secret — keep this in Workers secrets.
+     */
+    clientSecret: string;
+    /**
+     * Optional API audience identifier.
+     */
+    audience?: string;
+    /**
+     * Session adapter (e.g. `cloudflareKV(env.SESSION_KV)`).
+     */
+    adapter: SessionAdapter;
+    /**
+     * Base URL of your application (used for callback and redirects).
+     */
+    baseUrl: string;
+    /**
+     * Optional tweaks for specific providers.
+     */
+    providerHints?: {
+        /**
+         * Custom logout URL if different from the default OIDC logout.
+         */
+        logoutUrl?: string;
+        /**
+         * Custom token endpoint if different from the discovery metadata.
+         */
+        tokenEndpoint?: string;
+    };
+}
+/**
+ * Common OIDC provider configurations.
+ */
+export declare const providers: {
+    /**
+     * Auth0 provider configuration.
+     */
+    auth0: (domain: string) => {
+        issuer: string;
+        providerHints: {
+            logoutUrl: string;
+        };
+    };
+    /**
+     * Okta provider configuration.
+     */
+    okta: (domain: string) => {
+        issuer: string;
+    };
+    /**
+     * Keycloak provider configuration.
+     */
+    keycloak: (baseUrl: string, realm: string) => {
+        issuer: string;
+    };
+    /**
+     * Google provider configuration.
+     */
+    google: () => {
+        issuer: string;
+    };
+};
+/**
+ * Creates a Cloudflare KV session adapter.
+ */
+declare function cloudflareKV(kv: KVNamespace): SessionAdapter;
+/**
+ * The main Bezzie interface.
+ */
+export interface Bezzie {
+    /**
+     * Returns a Hono app containing the auth routes (/login, /callback, /logout).
+     */
+    routes: () => Hono;
+    /**
+     * Returns a Hono middleware that protects routes and manages sessions.
+     */
+    middleware: () => MiddlewareHandler<{
+        Variables: Variables;
+    }>;
+}
+/**
+ * Creates a new Bezzie instance.
+ *
+ * @param config Bezzie configuration
+ * @returns Bezzie instance
+ * @throws {Error} if required configuration is missing or invalid
+ */
+declare function createBezzie(config: BezzieConfig): Bezzie;
+export { createBezzie, cloudflareKV };
+export type { Variables } from './middleware';
+export type { SessionAdapter, PKCEState, Session } from './session';
+export { CloudflareKVAdapter, RedisAdapter, MemoryAdapter } from './session';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAEnD,OAAO,EAAc,KAAK,SAAS,EAAE,MAAM,cAAc,CAAA;AAEzD,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,WAAW,CAAA;AAEpE;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IAEpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAA;IAEvB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;OAEG;IACH,aAAa,CAAC,EAAE;QACd;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,CAAA;QAElB;;WAEG;QACH,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,CAAA;CACF;AAED;;GAEG;AACH,eAAO,MAAM,SAAS;IACpB;;OAEG;oBACa,MAAM;;;;;;IAOtB;;OAEG;mBACY,MAAM;;;IAIrB;;OAEG;wBACiB,MAAM,SAAS,MAAM;;;IAIzC;;OAEG;;;;CAIJ,CAAA;AAED;;GAEG;AACH,iBAAS,YAAY,CAAC,EAAE,EAAE,WAAW,GAAG,cAAc,CAErD;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,MAAM,EAAE,MAAM,IAAI,CAAA;IAElB;;OAEG;IACH,UAAU,EAAE,MAAM,iBAAiB,CAAC;QAAE,SAAS,EAAE,SAAS,CAAA;KAAE,CAAC,CAAA;CAC9D;AAED;;;;;;GAMG;AACH,iBAAS,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAwBlD;AAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,CAAA;AACrC,YAAY,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,YAAY,EAAE,cAAc,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnE,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,73 @@
+import { authRoutes } from './routes';
+import { middleware } from './middleware';
+import { CloudflareKVAdapter } from './session';
+/**
+ * Common OIDC provider configurations.
+ */
+export const providers = {
+    /**
+     * Auth0 provider configuration.
+     */
+    auth0: (domain) => ({
+        issuer: `https://${domain}`,
+        providerHints: {
+            logoutUrl: `https://${domain}/v2/logout`,
+        },
+    }),
+    /**
+     * Okta provider configuration.
+     */
+    okta: (domain) => ({
+        issuer: `https://${domain}/oauth2/default`,
+    }),
+    /**
+     * Keycloak provider configuration.
+     */
+    keycloak: (baseUrl, realm) => ({
+        issuer: `${baseUrl}/realms/${realm}`,
+    }),
+    /**
+     * Google provider configuration.
+     */
+    google: () => ({
+        issuer: 'https://accounts.google.com',
+    }),
+};
+/**
+ * Creates a Cloudflare KV session adapter.
+ */
+function cloudflareKV(kv) {
+    return new CloudflareKVAdapter(kv);
+}
+/**
+ * Creates a new Bezzie instance.
+ *
+ * @param config Bezzie configuration
+ * @returns Bezzie instance
+ * @throws {Error} if required configuration is missing or invalid
+ */
+function createBezzie(config) {
+    const required = ['issuer', 'clientId', 'clientSecret', 'adapter', 'baseUrl'];
+    for (const key of required) {
+        if (!config[key]) {
+            throw new Error(`Bezzie: missing required config: ${key}`);
+        }
+    }
+    if (!config.issuer.startsWith('https://')) {
+        throw new Error('Bezzie: issuer must start with https://');
+    }
+    try {
+        new URL(config.issuer);
+    }
+    catch (e) {
+        throw new Error('Bezzie: issuer must be a valid URL');
+    }
+    const router = authRoutes(config);
+    return {
+        routes: () => router,
+        middleware: () => middleware(config),
+    };
+}
+export { createBezzie, cloudflareKV };
+export { CloudflareKVAdapter, RedisAdapter, MemoryAdapter } from './session';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,UAAU,EAAkB,MAAM,cAAc,CAAA;AAEzD,OAAO,EAAE,mBAAmB,EAAuB,MAAM,WAAW,CAAA;AAoDpE;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB;;OAEG;IACH,KAAK,EAAE,CAAC,MAAc,EAAE,EAAE,CAAC,CAAC;QAC1B,MAAM,EAAE,WAAW,MAAM,EAAE;QAC3B,aAAa,EAAE;YACb,SAAS,EAAE,WAAW,MAAM,YAAY;SACzC;KACF,CAAC;IAEF;;OAEG;IACH,IAAI,EAAE,CAAC,MAAc,EAAE,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,WAAW,MAAM,iBAAiB;KAC3C,CAAC;IAEF;;OAEG;IACH,QAAQ,EAAE,CAAC,OAAe,EAAE,KAAa,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,OAAO,WAAW,KAAK,EAAE;KACrC,CAAC;IAEF;;OAEG;IACH,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACb,MAAM,EAAE,6BAA6B;KACtC,CAAC;CACH,CAAA;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,EAAe;IACnC,OAAO,IAAI,mBAAmB,CAAC,EAAE,CAAC,CAAA;AACpC,CAAC;AAiBD;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,MAAoB;IACxC,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAyB,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,EAAE,CAAC,CAAA;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;IAEjC,OAAO;QACL,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM;QACpB,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;KACrC,CAAA;AACH,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,CAAA;AAGrC,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA"}

package/dist/middleware.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { MiddlewareHandler } from 'hono';
+import type { Session } from './session';
+import type { BezzieConfig } from './index';
+/**
+ * Hono context variables provided by Bezzie middleware.
+ * These are what downstream route handlers read from `c.var`.
+ */
+export type Variables = {
+    /**
+     * The authenticated user's information.
+     */
+    user: Session['user'];
+    /**
+     * The current OAuth access token.
+     */
+    accessToken: string;
+};
+export declare function _resetDiscoveryCache(): void;
+export declare function middleware(config: BezzieConfig): MiddlewareHandler<{
+    Variables: Variables;
+}>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAG7C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;IACrB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAkBD,wBAAgB,oBAAoB,SAGnC;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,YAAY,GAAG,iBAAiB,CAAC;IAAE,SAAS,EAAE,SAAS,CAAA;CAAE,CAAC,CAuE5F"}

package/dist/middleware.js ADDED Viewed

@@ -0,0 +1,81 @@
+import { getCookie } from 'hono/cookie';
+import * as oauth from 'oauth4webapi';
+const jwksCache = {};
+let cachedAS = null;
+let cacheExpiresAt = 0;
+async function getAuthorizationServer(config) {
+    if (cachedAS && Date.now() < cacheExpiresAt)
+        return cachedAS;
+    const issuerUrl = new URL(config.issuer);
+    const response = await oauth.discoveryRequest(issuerUrl);
+    const as = await oauth.processDiscoveryResponse(issuerUrl, response);
+    cachedAS = config.providerHints?.tokenEndpoint
+        ? { ...as, token_endpoint: config.providerHints.tokenEndpoint }
+        : as;
+    cacheExpiresAt = Date.now() + 60 * 60 * 1000; // 1 hour
+    return cachedAS;
+}
+export function _resetDiscoveryCache() {
+    cachedAS = null;
+    cacheExpiresAt = 0;
+}
+export function middleware(config) {
+    const sessionStore = config.adapter;
+    return async (c, next) => {
+        // 1. Read the sessionId cookie from the request
+        const sessionId = getCookie(c, 'sessionId');
+        // 2. If no cookie → return 401
+        if (!sessionId) {
+            return c.text('Unauthorized', 401);
+        }
+        // 3. Look up the session in KV using SessionStore
+        const session = await sessionStore.get(sessionId);
+        // 4. If no session found or it's a PKCE state → return 401
+        if (!session || 'codeVerifier' in session) {
+            return c.text('Unauthorized', 401);
+        }
+        const as = await getAuthorizationServer(config);
+        // 5. Check if the access token is expired (with 60s buffer)
+        if (session.expiresAt < (Date.now() / 1000) + 60) {
+            // 6. If expired → use oauth4webapi to perform a refresh token grant
+            const client = {
+                client_id: config.clientId,
+                client_secret: config.clientSecret,
+                token_endpoint_auth_method: 'client_secret_post',
+            };
+            const response = await oauth.refreshTokenGrantRequest(as, client, session.refreshToken);
+            const result = await oauth.processRefreshTokenResponse(as, client, response);
+            if (oauth.isOAuth2Error(result)) {
+                await sessionStore.delete(sessionId);
+                return c.text('Unauthorized', 401);
+            }
+            // Update the session in KV with new tokens and new expiresAt
+            session.accessToken = result.access_token;
+            if (result.refresh_token) {
+                session.refreshToken = result.refresh_token;
+            }
+            session.expiresAt = Math.floor(Date.now() / 1000) + (result.expires_in || 3600);
+            await sessionStore.set(sessionId, session, 30 * 24 * 60 * 60); // 30 days, matches initial session TTL
+        }
+        // 8. Validate the JWT using JWKS
+        try {
+            // We need a Request object that has the Authorization header for validateJwtAccessToken
+            const mockReq = new Request(c.req.raw.url, {
+                headers: {
+                    Authorization: `Bearer ${session.accessToken}`,
+                },
+            });
+            await oauth.validateJwtAccessToken(as, mockReq, config.audience ?? '', { [oauth.jwksCache]: jwksCache });
+        }
+        catch (error) {
+            // 9. If JWT invalid → return 401
+            return c.text('Unauthorized', 401);
+        }
+        // 10. Attach the user and accessToken to Hono context
+        c.set('user', session.user);
+        c.set('accessToken', session.accessToken);
+        // 12. Call next()
+        await next();
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AAmBrC,MAAM,SAAS,GAAyB,EAAE,CAAA;AAC1C,IAAI,QAAQ,GAAqC,IAAI,CAAA;AACrD,IAAI,cAAc,GAAG,CAAC,CAAA;AAEtB,KAAK,UAAU,sBAAsB,CAAC,MAAoB;IACxD,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc;QAAE,OAAO,QAAQ,CAAA;IAC5D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;IACxD,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;IACpE,QAAQ,GAAG,MAAM,CAAC,aAAa,EAAE,aAAa;QAC5C,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,CAAC,aAAa,CAAC,aAAa,EAAE;QAC/D,CAAC,CAAC,EAAE,CAAA;IACN,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,SAAS;IACtD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,QAAQ,GAAG,IAAI,CAAA;IACf,cAAc,GAAG,CAAC,CAAA;AACpB,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAoB;IAC7C,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,gDAAgD;QAChD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAE3C,+BAA+B;QAC/B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QACpC,CAAC;QAED,kDAAkD;QAClD,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAEjD,2DAA2D;QAC3D,IAAI,CAAC,OAAO,IAAI,cAAc,IAAI,OAAO,EAAE,CAAC;YAC1C,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QACpC,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,CAAC,CAAA;QAE/C,4DAA4D;QAC5D,IAAI,OAAO,CAAC,SAAS,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACjD,oEAAoE;YACpE,MAAM,MAAM,GAAiB;gBAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,0BAA0B,EAAE,oBAAoB;aACjD,CAAA;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC,CAAA;YACvF,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;YAE5E,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;gBACpC,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;YACpC,CAAC;YAED,6DAA6D;YAC7D,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,YAAY,CAAA;YACzC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBACzB,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,CAAA;YAC7C,CAAC;YACD,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAA;YAE/E,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA,CAAC,uCAAuC;QACvG,CAAC;QAED,iCAAiC;QACjC,IAAI,CAAC;YACH,wFAAwF;YACxF,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE;gBACzC,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE;iBAC/C;aACF,CAAC,CAAA;YAEF,MAAM,KAAK,CAAC,sBAAsB,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC,CAAA;QAC1G,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,iCAAiC;YACjC,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QACpC,CAAC;QAED,sDAAsD;QACtD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;QAC3B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,WAAW,CAAC,CAAA;QAEzC,kBAAkB;QAClB,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC"}

package/dist/routes.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Hono } from 'hono';
+import type { BezzieConfig } from './index';
+export declare function _resetDiscoveryCache(): void;
+export declare function authRoutes(config: BezzieConfig): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+//# sourceMappingURL=routes.d.ts.map

package/dist/routes.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAI3B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAiB3C,wBAAgB,oBAAoB,SAGnC;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,YAAY,8EA0I9C"}

package/dist/routes.js ADDED Viewed

@@ -0,0 +1,131 @@
+import { Hono } from 'hono';
+import { getCookie, setCookie, deleteCookie } from 'hono/cookie';
+import * as oauth from 'oauth4webapi';
+let cachedAS = null;
+let cacheExpiresAt = 0;
+async function getAuthorizationServer(config) {
+    if (cachedAS && Date.now() < cacheExpiresAt)
+        return cachedAS;
+    const issuerUrl = new URL(config.issuer);
+    const response = await oauth.discoveryRequest(issuerUrl);
+    const as = await oauth.processDiscoveryResponse(issuerUrl, response);
+    cachedAS = config.providerHints?.tokenEndpoint
+        ? { ...as, token_endpoint: config.providerHints.tokenEndpoint }
+        : as;
+    cacheExpiresAt = Date.now() + 60 * 60 * 1000; // 1 hour
+    return cachedAS;
+}
+export function _resetDiscoveryCache() {
+    cachedAS = null;
+    cacheExpiresAt = 0;
+}
+export function authRoutes(config) {
+    const router = new Hono();
+    const sessionStore = config.adapter;
+    router.get('/login', async (c) => {
+        const code_verifier = oauth.generateRandomCodeVerifier();
+        const code_challenge = await oauth.calculatePKCECodeChallenge(code_verifier);
+        const state = oauth.generateRandomState();
+        const returnTo = c.req.query('returnTo');
+        // Store state and codeVerifier in adapter
+        await config.adapter.set(`pkce:${state}`, { codeVerifier: code_verifier, returnTo }, 600); // 10 minutes
+        const as = await getAuthorizationServer(config);
+        if (!as.authorization_endpoint) {
+            return c.text('Missing authorization_endpoint', 500);
+        }
+        const authorizationUrl = new URL(as.authorization_endpoint);
+        authorizationUrl.searchParams.set('client_id', config.clientId);
+        authorizationUrl.searchParams.set('response_type', 'code');
+        authorizationUrl.searchParams.set('redirect_uri', `${config.baseUrl}/auth/callback`);
+        authorizationUrl.searchParams.set('scope', 'openid profile email offline_access');
+        authorizationUrl.searchParams.set('state', state);
+        authorizationUrl.searchParams.set('code_challenge', code_challenge);
+        authorizationUrl.searchParams.set('code_challenge_method', 'S256');
+        if (config.audience) {
+            authorizationUrl.searchParams.set('audience', config.audience);
+        }
+        return c.redirect(authorizationUrl.toString());
+    });
+    router.get('/callback', async (c) => {
+        const error = c.req.query('error');
+        if (error) {
+            return c.text(`OAuth error: ${error}`, 400);
+        }
+        const state = c.req.query('state');
+        const code = c.req.query('code');
+        if (!state || !code) {
+            return c.text('Missing state or code', 400);
+        }
+        const stored = await config.adapter.get(`pkce:${state}`);
+        if (!stored) {
+            return c.text('Invalid or expired state', 400);
+        }
+        const { codeVerifier, returnTo } = stored;
+        await config.adapter.delete(`pkce:${state}`);
+        const as = await getAuthorizationServer(config);
+        const client = {
+            client_id: config.clientId,
+            client_secret: config.clientSecret,
+            token_endpoint_auth_method: 'client_secret_post',
+        };
+        const response = await oauth.authorizationCodeGrantRequest(as, client, new URL(c.req.url).searchParams, `${config.baseUrl}/auth/callback`, codeVerifier);
+        const result = await oauth.processAuthorizationCodeOpenIDResponse(as, client, response);
+        if (oauth.isOAuth2Error(result)) {
+            return c.text('OAuth 2.0 error', 400);
+        }
+        const { access_token, refresh_token, expires_in } = result;
+        const claims = oauth.getValidatedIdTokenClaims(result);
+        const sessionId = crypto.randomUUID();
+        const session = {
+            accessToken: access_token,
+            refreshToken: refresh_token || '',
+            expiresAt: Math.floor(Date.now() / 1000) + (expires_in || 3600),
+            user: {
+                ...claims,
+                sub: claims.sub,
+                email: claims.email,
+            },
+        };
+        // TTL for session in KV. Set to 30 days as per bug fix 3.
+        await sessionStore.set(sessionId, session, 30 * 24 * 60 * 60);
+        setCookie(c, 'sessionId', sessionId, {
+            httpOnly: true,
+            secure: true,
+            sameSite: 'Strict',
+            path: '/',
+        });
+        if (returnTo && returnTo.startsWith('/') && !returnTo.startsWith('//')) {
+            return c.redirect(returnTo);
+        }
+        return c.redirect('/');
+    });
+    router.get('/logout', async (c) => {
+        const sessionId = getCookie(c, 'sessionId');
+        if (sessionId) {
+            await sessionStore.delete(sessionId);
+        }
+        deleteCookie(c, 'sessionId', {
+            path: '/',
+            secure: true,
+        });
+        const as = await getAuthorizationServer(config);
+        let logoutUrl;
+        if (config.providerHints?.logoutUrl) {
+            logoutUrl = new URL(config.providerHints.logoutUrl);
+            logoutUrl.searchParams.set('client_id', config.clientId);
+            logoutUrl.searchParams.set('returnTo', config.baseUrl);
+        }
+        else if (as.end_session_endpoint) {
+            logoutUrl = new URL(as.end_session_endpoint);
+            logoutUrl.searchParams.set('client_id', config.clientId);
+            logoutUrl.searchParams.set('post_logout_redirect_uri', config.baseUrl);
+        }
+        else {
+            // If no endpoint found, we just redirect to base URL
+            return c.redirect('/');
+        }
+        return c.redirect(logoutUrl.toString());
+    });
+    return router;
+}
+//# sourceMappingURL=routes.js.map

package/dist/routes.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAChE,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AAIrC,IAAI,QAAQ,GAAqC,IAAI,CAAA;AACrD,IAAI,cAAc,GAAG,CAAC,CAAA;AAEtB,KAAK,UAAU,sBAAsB,CAAC,MAAoB;IACxD,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc;QAAE,OAAO,QAAQ,CAAA;IAC5D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAA;IACxD,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;IACpE,QAAQ,GAAG,MAAM,CAAC,aAAa,EAAE,aAAa;QAC5C,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,CAAC,aAAa,CAAC,aAAa,EAAE;QAC/D,CAAC,CAAC,EAAE,CAAA;IACN,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,SAAS;IACtD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,QAAQ,GAAG,IAAI,CAAA;IACf,cAAc,GAAG,CAAC,CAAA;AACpB,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAoB;IAC7C,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAA;IACzB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,0BAA0B,EAAE,CAAA;QACxD,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAA;QAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAA;QAEzC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QAExC,0CAA0C;QAC1C,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,EAAE,EAAE,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAe,EAAE,GAAG,CAAC,CAAA,CAAC,aAAa;QAEpH,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,CAAC,CAAA;QAC/C,IAAI,CAAC,EAAE,CAAC,sBAAsB,EAAE,CAAC;YAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,sBAAsB,CAAC,CAAA;QAC3D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC/D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAA;QAC1D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAA;QACpF,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,qCAAqC,CAAC,CAAA;QACjF,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACjD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;QACnE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAA;QAClE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAA;IAChD,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,KAAK,EAAE,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;QACD,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAEhC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,EAAE,CAAc,CAAA;QACrE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,IAAI,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAA;QAChD,CAAC;QACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QAEzC,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,KAAK,EAAE,CAAC,CAAA;QAE5C,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,CAAC,CAAA;QAE/C,MAAM,MAAM,GAAiB;YAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;YAClC,0BAA0B,EAAE,oBAAoB;SACjD,CAAA;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6BAA6B,CACxD,EAAE,EACF,MAAM,EACN,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,YAAY,EAC/B,GAAG,MAAM,CAAC,OAAO,gBAAgB,EACjC,YAAY,CACb,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,sCAAsC,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;QACvF,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;QACvC,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;QAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAA;QAEtD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QACrC,MAAM,OAAO,GAAY;YACvB,WAAW,EAAE,YAAY;YACzB,YAAY,EAAE,aAAa,IAAI,EAAE;YACjC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC;YAC/D,IAAI,EAAE;gBACJ,GAAG,MAAM;gBACT,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,MAAM,CAAC,KAA2B;aAC1C;SACF,CAAA;QAED,0DAA0D;QAC1D,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAE7D,SAAS,CAAC,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE;YACnC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;SACV,CAAC,CAAA;QAEF,IAAI,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACvE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAC7B,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAChC,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QAC3C,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACtC,CAAC;QAED,YAAY,CAAC,CAAC,EAAE,WAAW,EAAE;YAC3B,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI;SACb,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,CAAC,CAAA;QAE/C,IAAI,SAAc,CAAA;QAClB,IAAI,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,CAAC;YACpC,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACnD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;YACxD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;QACxD,CAAC;aAAM,IAAI,EAAE,CAAC,oBAAoB,EAAE,CAAC;YACnC,SAAS,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAA;YAC5C,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;YACxD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,0BAA0B,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;QACxE,CAAC;aAAM,CAAC;YACN,qDAAqD;YACrD,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/session.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Represents a user session.
+ */
+export interface Session {
+    /**
+     * OAuth access token.
+     */
+    accessToken: string;
+    /**
+     * OAuth refresh token.
+     */
+    refreshToken: string;
+    /**
+     * Expiration time of the access token as a Unix timestamp (seconds).
+     */
+    expiresAt: number;
+    /**
+     * User information from the ID token or userinfo endpoint.
+     */
+    user: {
+        /**
+         * Unique identifier for the user.
+         */
+        sub: string;
+        /**
+         * User's email address.
+         */
+        email?: string;
+        [key: string]: unknown;
+    };
+}
+export * from './adapters';
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB;;OAEG;IACH,IAAI,EAAE;QACJ;;WAEG;QACH,GAAG,EAAE,MAAM,CAAA;QACX;;WAEG;QACH,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KACvB,CAAA;CACF;AAED,cAAc,YAAY,CAAA"}

package/dist/session.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './adapters';
2	+ //# sourceMappingURL=session.js.map

package/dist/session.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAgCA,cAAc,YAAY,CAAA"}

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "bezzie",
+  "version": "0.1.0",
+  "description": "BFF OAuth 2.0 auth library for Cloudflare Workers",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/neilpmas/bezzie"
+  },
+  "scripts": {
+    "dev": "wrangler dev",
+    "build": "tsc",
+    "test": "vitest run",
+    "lint": "eslint src test --ext .ts",
+    "format": "prettier --write src test",
+    "prepublishOnly": "npm run build && npm test && npm run lint"
+  },
+  "dependencies": {
+    "oauth4webapi": "^2.0.0"
+  },
+  "peerDependencies": {
+    "hono": "^4.0.0"
+  },
+  "devDependencies": {
+    "@cloudflare/vitest-pool-workers": "^0.5.0",
+    "@cloudflare/workers-types": "^4.0.0",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
+    "eslint": "^8.0.0",
+    "prettier": "^3.0.0",
+    "typescript": "^5.0.0",
+    "vitest": "^2.1.0",
+    "wrangler": "^3.0.0"
+  }
+}