bezzie 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/cloudflare-kv.d.ts +10 -0
- package/dist/adapters/cloudflare-kv.d.ts.map +1 -0
- package/dist/{src/adapters → adapters}/cloudflare-kv.js +1 -2
- package/dist/adapters/cloudflare-kv.js.map +1 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/memory.d.ts +9 -0
- package/dist/adapters/memory.d.ts.map +1 -0
- package/dist/adapters/memory.js.map +1 -0
- package/dist/{src/adapters → adapters}/redis.d.ts +3 -3
- package/dist/adapters/redis.d.ts.map +1 -0
- package/dist/adapters/redis.js.map +1 -0
- package/dist/{src/adapters → adapters}/types.d.ts +7 -3
- package/dist/adapters/types.d.ts.map +1 -0
- package/dist/{src/adapters → adapters}/types.js.map +1 -1
- package/dist/discovery.d.ts.map +1 -0
- package/dist/discovery.js +24 -0
- package/dist/discovery.js.map +1 -0
- package/dist/{src/index.d.ts → index.d.ts} +14 -8
- package/dist/index.d.ts.map +1 -0
- package/dist/{src/index.js → index.js} +3 -2
- package/dist/index.js.map +1 -0
- package/dist/middleware.d.ts +28 -0
- package/dist/middleware.d.ts.map +1 -0
- package/dist/middleware.js +121 -0
- package/dist/middleware.js.map +1 -0
- package/dist/routes.d.ts +5 -0
- package/dist/routes.d.ts.map +1 -0
- package/dist/{src/routes.js → routes.js} +14 -4
- package/dist/routes.js.map +1 -0
- package/dist/{src/session.d.ts → session.d.ts} +6 -3
- package/dist/session.d.ts.map +1 -0
- package/dist/session.js.map +1 -0
- package/package.json +8 -4
- package/dist/src/adapters/cloudflare-kv.d.ts +0 -10
- package/dist/src/adapters/cloudflare-kv.d.ts.map +0 -1
- package/dist/src/adapters/cloudflare-kv.js.map +0 -1
- package/dist/src/adapters/index.d.ts.map +0 -1
- package/dist/src/adapters/index.js.map +0 -1
- package/dist/src/adapters/memory.d.ts +0 -9
- package/dist/src/adapters/memory.d.ts.map +0 -1
- package/dist/src/adapters/memory.js.map +0 -1
- package/dist/src/adapters/redis.d.ts.map +0 -1
- package/dist/src/adapters/redis.js.map +0 -1
- package/dist/src/adapters/types.d.ts.map +0 -1
- package/dist/src/discovery.d.ts.map +0 -1
- package/dist/src/discovery.js +0 -19
- package/dist/src/discovery.js.map +0 -1
- package/dist/src/index.d.ts.map +0 -1
- package/dist/src/index.js.map +0 -1
- package/dist/src/middleware.d.ts +0 -22
- package/dist/src/middleware.d.ts.map +0 -1
- package/dist/src/middleware.js +0 -95
- package/dist/src/middleware.js.map +0 -1
- package/dist/src/routes.d.ts +0 -5
- package/dist/src/routes.d.ts.map +0 -1
- package/dist/src/routes.js.map +0 -1
- package/dist/src/session.d.ts.map +0 -1
- package/dist/src/session.js.map +0 -1
- package/dist/test/index.test.d.ts +0 -2
- package/dist/test/index.test.d.ts.map +0 -1
- package/dist/test/index.test.js +0 -96
- package/dist/test/index.test.js.map +0 -1
- package/dist/test/middleware.test.d.ts +0 -2
- package/dist/test/middleware.test.d.ts.map +0 -1
- package/dist/test/middleware.test.js +0 -340
- package/dist/test/middleware.test.js.map +0 -1
- package/dist/test/routes.test.d.ts +0 -2
- package/dist/test/routes.test.d.ts.map +0 -1
- package/dist/test/routes.test.js +0 -284
- package/dist/test/routes.test.js.map +0 -1
- package/dist/test/session.test.d.ts +0 -2
- package/dist/test/session.test.d.ts.map +0 -1
- package/dist/test/session.test.js +0 -96
- package/dist/test/session.test.js.map +0 -1
- package/dist/vitest.config.d.ts +0 -3
- package/dist/vitest.config.d.ts.map +0 -1
- package/dist/vitest.config.js +0 -10
- package/dist/vitest.config.js.map +0 -1
- /package/dist/{src/adapters → adapters}/index.d.ts +0 -0
- /package/dist/{src/adapters → adapters}/index.js +0 -0
- /package/dist/{src/adapters → adapters}/memory.js +0 -0
- /package/dist/{src/adapters → adapters}/redis.js +0 -0
- /package/dist/{src/adapters → adapters}/types.js +0 -0
- /package/dist/{src/discovery.d.ts → discovery.d.ts} +0 -0
- /package/dist/{src/session.js → session.js} +0 -0
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { Session } from '../session';
|
|
2
|
+
import { PKCEState, SessionAdapter } from './types';
|
|
3
|
+
export declare class CloudflareKVAdapter<TUser extends Record<string, unknown> = Record<string, unknown>> implements SessionAdapter<TUser> {
|
|
4
|
+
private kv;
|
|
5
|
+
constructor(kv: KVNamespace);
|
|
6
|
+
get(sessionId: string): Promise<Session<TUser> | PKCEState | null>;
|
|
7
|
+
set(sessionId: string, session: Session<TUser> | PKCEState, ttlSeconds: number): Promise<void>;
|
|
8
|
+
delete(sessionId: string): Promise<void>;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=cloudflare-kv.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-kv.d.ts","sourceRoot":"","sources":["../../src/adapters/cloudflare-kv.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAEnD,qBAAa,mBAAmB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAC9F,YAAW,cAAc,CAAC,KAAK,CAAC;IAEpB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,WAAW;IAE7B,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,GAAG,IAAI,CAAC;IAIlE,GAAG,CACP,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,EACnC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IASV,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}
|
|
@@ -4,8 +4,7 @@ export class CloudflareKVAdapter {
|
|
|
4
4
|
this.kv = kv;
|
|
5
5
|
}
|
|
6
6
|
async get(sessionId) {
|
|
7
|
-
|
|
8
|
-
return session;
|
|
7
|
+
return await this.kv.get(sessionId, 'json');
|
|
9
8
|
}
|
|
10
9
|
async set(sessionId, session, ttlSeconds) {
|
|
11
10
|
if (ttlSeconds < 60) {
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-kv.js","sourceRoot":"","sources":["../../src/adapters/cloudflare-kv.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,mBAAmB;IAGV;IAApB,YAAoB,EAAe;QAAf,OAAE,GAAF,EAAE,CAAa;IAAG,CAAC;IAEvC,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,OAAO,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAA6B,SAAS,EAAE,MAAM,CAAC,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,GAAG,CACP,SAAiB,EACjB,OAAmC,EACnC,UAAkB;QAElB,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;YACpD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA;AACvB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA;AACvB,cAAc,UAAU,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA;AACvB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA;AACvB,cAAc,UAAU,CAAA"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { Session } from '../session';
|
|
2
|
+
import { SessionAdapter, PKCEState } from './types';
|
|
3
|
+
export declare class MemoryAdapter<TUser extends Record<string, unknown> = Record<string, unknown>> implements SessionAdapter<TUser> {
|
|
4
|
+
private store;
|
|
5
|
+
get(sessionId: string): Promise<Session<TUser> | PKCEState | null>;
|
|
6
|
+
set(sessionId: string, session: Session<TUser> | PKCEState, ttlSeconds: number): Promise<void>;
|
|
7
|
+
delete(sessionId: string): Promise<void>;
|
|
8
|
+
}
|
|
9
|
+
//# sourceMappingURL=memory.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/adapters/memory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAOnD,qBAAa,aAAa,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxF,YAAW,cAAc,CAAC,KAAK,CAAC;IAEhC,OAAO,CAAC,KAAK,CAA0C;IAEjD,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,GAAG,IAAI,CAAC;IAUlE,GAAG,CACP,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,EACnC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IAOV,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memory.js","sourceRoot":"","sources":["../../src/adapters/memory.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,aAAa;IAGhB,KAAK,GAAG,IAAI,GAAG,EAAgC,CAAA;IAEvD,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;YAC5B,OAAO,IAAI,CAAA;QACb,CAAC;QACD,OAAO,KAAK,CAAC,OAAO,CAAA;IACtB,CAAC;IAED,KAAK,CAAC,GAAG,CACP,SAAiB,EACjB,OAAmC,EACnC,UAAkB;QAElB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI;SAC1C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAC9B,CAAC;CACF"}
|
|
@@ -7,11 +7,11 @@ export interface RedisClient {
|
|
|
7
7
|
}): Promise<unknown>;
|
|
8
8
|
del(key: string): Promise<unknown>;
|
|
9
9
|
}
|
|
10
|
-
export declare class RedisAdapter implements SessionAdapter {
|
|
10
|
+
export declare class RedisAdapter<TUser extends Record<string, unknown> = Record<string, unknown>> implements SessionAdapter<TUser> {
|
|
11
11
|
private redis;
|
|
12
12
|
constructor(redis: RedisClient);
|
|
13
|
-
get(sessionId: string): Promise<Session | PKCEState | null>;
|
|
14
|
-
set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
|
|
13
|
+
get(sessionId: string): Promise<Session<TUser> | PKCEState | null>;
|
|
14
|
+
set(sessionId: string, session: Session<TUser> | PKCEState, ttlSeconds: number): Promise<void>;
|
|
15
15
|
delete(sessionId: string): Promise<void>;
|
|
16
16
|
}
|
|
17
17
|
//# sourceMappingURL=redis.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../src/adapters/redis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAEnD,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IACxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAC5E,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACnC;AAED,qBAAa,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACvF,YAAW,cAAc,CAAC,KAAK,CAAC;IAEpB,OAAO,CAAC,KAAK;gBAAL,KAAK,EAAE,WAAW;IAEhC,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,GAAG,IAAI,CAAC;IAMlE,GAAG,CACP,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,EACnC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IAIV,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redis.js","sourceRoot":"","sources":["../../src/adapters/redis.ts"],"names":[],"mappings":"AASA,MAAM,OAAO,YAAY;IAGH;IAApB,YAAoB,KAAkB;QAAlB,UAAK,GAAL,KAAK,CAAa;IAAG,CAAC;IAE1C,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC/C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAA+B,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,GAAG,CACP,SAAiB,EACjB,OAAmC,EACnC,UAAkB;QAElB,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,CAAA;IAC9E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;CACF"}
|
|
@@ -3,6 +3,10 @@ import { Session } from '../session';
|
|
|
3
3
|
* Temporary state for the PKCE OAuth flow.
|
|
4
4
|
*/
|
|
5
5
|
export interface PKCEState {
|
|
6
|
+
/**
|
|
7
|
+
* Internal type discriminant.
|
|
8
|
+
*/
|
|
9
|
+
_type: 'pkce';
|
|
6
10
|
/**
|
|
7
11
|
* Code verifier for PKCE.
|
|
8
12
|
*/
|
|
@@ -15,14 +19,14 @@ export interface PKCEState {
|
|
|
15
19
|
/**
|
|
16
20
|
* Interface for session storage adapters.
|
|
17
21
|
*/
|
|
18
|
-
export interface SessionAdapter {
|
|
22
|
+
export interface SessionAdapter<TUser extends Record<string, unknown> = Record<string, unknown>> {
|
|
19
23
|
/**
|
|
20
24
|
* Retrieves a session or PKCE state by ID.
|
|
21
25
|
*
|
|
22
26
|
* @param sessionId Session ID
|
|
23
27
|
* @returns Session, PKCE state, or null if not found
|
|
24
28
|
*/
|
|
25
|
-
get(sessionId: string): Promise<Session | PKCEState | null>;
|
|
29
|
+
get(sessionId: string): Promise<Session<TUser> | PKCEState | null>;
|
|
26
30
|
/**
|
|
27
31
|
* Stores a session or PKCE state.
|
|
28
32
|
*
|
|
@@ -30,7 +34,7 @@ export interface SessionAdapter {
|
|
|
30
34
|
* @param session Session or PKCE state
|
|
31
35
|
* @param ttlSeconds Time-to-live in seconds
|
|
32
36
|
*/
|
|
33
|
-
set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
|
|
37
|
+
set(sessionId: string, session: Session<TUser> | PKCEState, ttlSeconds: number): Promise<void>;
|
|
34
38
|
/**
|
|
35
39
|
* Deletes a session or PKCE state.
|
|
36
40
|
*
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEpC;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC7F;;;;;OAKG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,GAAG,IAAI,CAAC,CAAA;IAElE;;;;;;OAMG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE9F;;;;OAIG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACzC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AACrC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,KAAK,CAAC,mBAAmB,GAAG,IAAI,CAAA;IAC1C,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,KAAK,CAAC,cAAc,CAAA;CAChC;AAED,wBAAgB,oBAAoB,IAAI,cAAc,CAErD;AAED,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,YAAY,EACpB,KAAK,EAAE,cAAc,GACpB,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAoBpC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import * as oauth from 'oauth4webapi';
|
|
2
|
+
export function createDiscoveryCache() {
|
|
3
|
+
return { cachedAS: null, cacheExpiresAt: 0, jwksCache: {} };
|
|
4
|
+
}
|
|
5
|
+
export async function getAuthorizationServer(config, cache) {
|
|
6
|
+
if (cache.cachedAS && Date.now() < cache.cacheExpiresAt) {
|
|
7
|
+
return cache.cachedAS;
|
|
8
|
+
}
|
|
9
|
+
const issuer = new URL(config.issuer);
|
|
10
|
+
try {
|
|
11
|
+
const response = await oauth.discoveryRequest(issuer);
|
|
12
|
+
const as = await oauth.processDiscoveryResponse(issuer, response);
|
|
13
|
+
const cachedAS = config.providerHints?.tokenEndpoint
|
|
14
|
+
? { ...as, token_endpoint: config.providerHints.tokenEndpoint }
|
|
15
|
+
: as;
|
|
16
|
+
cache.cachedAS = cachedAS;
|
|
17
|
+
cache.cacheExpiresAt = Date.now() + 60 * 60 * 1000;
|
|
18
|
+
return cachedAS;
|
|
19
|
+
}
|
|
20
|
+
catch (err) {
|
|
21
|
+
throw new Error(`Bezzie: OIDC discovery failed for ${config.issuer}: ${err instanceof Error ? err.message : String(err)}`, { cause: err });
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=discovery.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AASrC,MAAM,UAAU,oBAAoB;IAClC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAAA;AAC7D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,MAAoB,EACpB,KAAqB;IAErB,IAAI,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,cAAc,EAAE,CAAC;QACxD,OAAO,KAAK,CAAC,QAAQ,CAAA;IACvB,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACrC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;QACrD,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QACjE,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,EAAE,aAAa;YAClD,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,cAAc,EAAE,MAAM,CAAC,aAAa,CAAC,aAAa,EAAE;YAC/D,CAAC,CAAC,EAAE,CAAA;QACN,KAAK,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACzB,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QAClD,OAAO,QAAQ,CAAA;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qCAAqC,MAAM,CAAC,MAAM,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACzG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAA;IACH,CAAC;AACH,CAAC"}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import { Hono, type MiddlewareHandler } from 'hono';
|
|
2
|
-
import { type Variables } from './middleware';
|
|
2
|
+
import { middleware, optionalMiddleware, type Variables } from './middleware';
|
|
3
3
|
import { type DiscoveryCache } from './discovery';
|
|
4
4
|
import { type SessionAdapter } from './session';
|
|
5
5
|
/**
|
|
6
6
|
* Configuration for Bezzie.
|
|
7
7
|
*/
|
|
8
|
-
export interface BezzieConfig {
|
|
8
|
+
export interface BezzieConfig<TUser extends Record<string, unknown> = Record<string, unknown>> {
|
|
9
9
|
/**
|
|
10
10
|
* Your OIDC provider issuer URL (e.g. `https://tenant.auth0.com`).
|
|
11
11
|
*/
|
|
@@ -25,7 +25,7 @@ export interface BezzieConfig {
|
|
|
25
25
|
/**
|
|
26
26
|
* Session adapter (e.g. `cloudflareKV(env.SESSION_KV)`).
|
|
27
27
|
*/
|
|
28
|
-
adapter: SessionAdapter
|
|
28
|
+
adapter: SessionAdapter<TUser>;
|
|
29
29
|
/**
|
|
30
30
|
* Base URL of your application (used for callback and redirects).
|
|
31
31
|
*/
|
|
@@ -112,11 +112,11 @@ export declare const providers: {
|
|
|
112
112
|
/**
|
|
113
113
|
* Creates a Cloudflare KV session adapter.
|
|
114
114
|
*/
|
|
115
|
-
declare function cloudflareKV(kv: KVNamespace): SessionAdapter
|
|
115
|
+
declare function cloudflareKV<TUser extends Record<string, unknown> = Record<string, unknown>>(kv: KVNamespace): SessionAdapter<TUser>;
|
|
116
116
|
/**
|
|
117
117
|
* The main Bezzie interface.
|
|
118
118
|
*/
|
|
119
|
-
export interface Bezzie {
|
|
119
|
+
export interface Bezzie<TUser extends Record<string, unknown> = Record<string, unknown>> {
|
|
120
120
|
/**
|
|
121
121
|
* Returns a Hono app containing the auth routes (/login, /callback, /logout).
|
|
122
122
|
*/
|
|
@@ -125,7 +125,13 @@ export interface Bezzie {
|
|
|
125
125
|
* Returns a Hono middleware that protects routes and manages sessions.
|
|
126
126
|
*/
|
|
127
127
|
middleware: () => MiddlewareHandler<{
|
|
128
|
-
Variables: Variables
|
|
128
|
+
Variables: Variables<TUser>;
|
|
129
|
+
}>;
|
|
130
|
+
/**
|
|
131
|
+
* Returns a Hono middleware that sets user context if a session exists but always calls next().
|
|
132
|
+
*/
|
|
133
|
+
optionalMiddleware: () => MiddlewareHandler<{
|
|
134
|
+
Variables: Variables<TUser>;
|
|
129
135
|
}>;
|
|
130
136
|
/**
|
|
131
137
|
* Internal discovery cache.
|
|
@@ -140,8 +146,8 @@ export interface Bezzie {
|
|
|
140
146
|
* @returns Bezzie instance
|
|
141
147
|
* @throws {Error} if required configuration is missing or invalid
|
|
142
148
|
*/
|
|
143
|
-
declare function createBezzie(config: BezzieConfig): Bezzie
|
|
144
|
-
export { createBezzie, cloudflareKV };
|
|
149
|
+
declare function createBezzie<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>): Bezzie<TUser>;
|
|
150
|
+
export { createBezzie, cloudflareKV, middleware, optionalMiddleware };
|
|
145
151
|
export type { Variables } from './middleware';
|
|
146
152
|
export type { SessionAdapter, PKCEState, Session } from './session';
|
|
147
153
|
export { CloudflareKVAdapter, RedisAdapter, MemoryAdapter } from './session';
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAEnD,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,KAAK,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7E,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AAEvE,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,WAAW,CAAA;AAEpE;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC3F;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IAEpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC,KAAK,CAAC,CAAA;IAE9B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE;QACd;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,CAAA;QAElB;;WAEG;QACH,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,CAAA;IAED;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAE1B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAE5B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IAEjB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED;;GAEG;AACH,eAAO,MAAM,SAAS;IACpB;;OAEG;oBACa,MAAM;;;;;;IAOtB;;OAEG;mBACY,MAAM;;;IAIrB;;OAEG;wBACiB,MAAM,SAAS,MAAM;;;IAIzC;;OAEG;;;;CAIJ,CAAA;AAED;;GAEG;AACH,iBAAS,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnF,EAAE,EAAE,WAAW,GACd,cAAc,CAAC,KAAK,CAAC,CAEvB;AAED;;GAEG;AACH,MAAM,WAAW,MAAM,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACrF;;OAEG;IACH,MAAM,EAAE,MAAM,IAAI,CAAA;IAElB;;OAEG;IACH,UAAU,EAAE,MAAM,iBAAiB,CAAC;QAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;KAAE,CAAC,CAAA;IAEpE;;OAEG;IACH,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;QAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;KAAE,CAAC,CAAA;IAE5E;;;OAGG;IACH,KAAK,EAAE,cAAc,CAAA;CACtB;AAED;;;;;;GAMG;AACH,iBAAS,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,GAC1B,MAAM,CAAC,KAAK,CAAC,CA2Bf;AAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAA;AACrE,YAAY,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,YAAY,EAAE,cAAc,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnE,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { authRoutes } from './routes';
|
|
2
|
-
import { middleware } from './middleware';
|
|
2
|
+
import { middleware, optionalMiddleware } from './middleware';
|
|
3
3
|
import { createDiscoveryCache } from './discovery';
|
|
4
4
|
import { CloudflareKVAdapter } from './session';
|
|
5
5
|
/**
|
|
@@ -68,9 +68,10 @@ function createBezzie(config) {
|
|
|
68
68
|
return {
|
|
69
69
|
routes: () => router,
|
|
70
70
|
middleware: () => middleware(config, cache),
|
|
71
|
+
optionalMiddleware: () => optionalMiddleware(config, cache),
|
|
71
72
|
cache,
|
|
72
73
|
};
|
|
73
74
|
}
|
|
74
|
-
export { createBezzie, cloudflareKV };
|
|
75
|
+
export { createBezzie, cloudflareKV, middleware, optionalMiddleware };
|
|
75
76
|
export { CloudflareKVAdapter, RedisAdapter, MemoryAdapter } from './session';
|
|
76
77
|
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAkB,MAAM,cAAc,CAAA;AAC7E,OAAO,EAAE,oBAAoB,EAAuB,MAAM,aAAa,CAAA;AAEvE,OAAO,EAAE,mBAAmB,EAAuB,MAAM,WAAW,CAAA;AA4FpE;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB;;OAEG;IACH,KAAK,EAAE,CAAC,MAAc,EAAE,EAAE,CAAC,CAAC;QAC1B,MAAM,EAAE,WAAW,MAAM,EAAE;QAC3B,aAAa,EAAE;YACb,SAAS,EAAE,WAAW,MAAM,YAAY;SACzC;KACF,CAAC;IAEF;;OAEG;IACH,IAAI,EAAE,CAAC,MAAc,EAAE,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,WAAW,MAAM,iBAAiB;KAC3C,CAAC;IAEF;;OAEG;IACH,QAAQ,EAAE,CAAC,OAAe,EAAE,KAAa,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,OAAO,WAAW,KAAK,EAAE;KACrC,CAAC;IAEF;;OAEG;IACH,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACb,MAAM,EAAE,6BAA6B;KACtC,CAAC;CACH,CAAA;AAED;;GAEG;AACH,SAAS,YAAY,CACnB,EAAe;IAEf,OAAO,IAAI,mBAAmB,CAAQ,EAAE,CAAC,CAAA;AAC3C,CAAC;AA4BD;;;;;;GAMG;AACH,SAAS,YAAY,CACnB,MAA2B;IAE3B,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAgC,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,EAAE,CAAC,CAAA;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;IAED,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;IACpC,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAExC,OAAO;QACL,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM;QACpB,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC;QAC3C,kBAAkB,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC;QAC3D,KAAK;KACN,CAAA;AACH,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAA;AAGrE,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { MiddlewareHandler } from 'hono';
|
|
2
|
+
import { type DiscoveryCache } from './discovery';
|
|
3
|
+
import type { Session } from './session';
|
|
4
|
+
import type { BezzieConfig } from './index';
|
|
5
|
+
/**
|
|
6
|
+
* Hono context variables provided by Bezzie middleware.
|
|
7
|
+
* These are what downstream route handlers read from `c.var`.
|
|
8
|
+
*/
|
|
9
|
+
export type Variables<TUser extends Record<string, unknown> = Record<string, unknown>> = {
|
|
10
|
+
/**
|
|
11
|
+
* The authenticated user's information.
|
|
12
|
+
*/
|
|
13
|
+
user: Session<TUser>['user'];
|
|
14
|
+
/**
|
|
15
|
+
* The current OAuth access token.
|
|
16
|
+
*/
|
|
17
|
+
accessToken: string;
|
|
18
|
+
};
|
|
19
|
+
export declare function middleware<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>, cache: DiscoveryCache): MiddlewareHandler<{
|
|
20
|
+
Variables: Variables<TUser>;
|
|
21
|
+
}>;
|
|
22
|
+
/**
|
|
23
|
+
* Middleware that sets user context if a session exists but always calls next().
|
|
24
|
+
*/
|
|
25
|
+
export declare function optionalMiddleware<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>, cache: DiscoveryCache): MiddlewareHandler<{
|
|
26
|
+
Variables: Variables<TUser>;
|
|
27
|
+
}>;
|
|
28
|
+
//# sourceMappingURL=middleware.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAW,MAAM,MAAM,CAAA;AAGtD,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AACzE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C;;;GAGG;AACH,MAAM,MAAM,SAAS,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI;IACvF;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAA;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AA4GD,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,GACpB,iBAAiB,CAAC;IAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;CAAE,CAAC,CAmBpD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChG,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,GACpB,iBAAiB,CAAC;IAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;CAAE,CAAC,CAapD"}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
import { getCookie } from 'hono/cookie';
|
|
2
|
+
import * as oauth from 'oauth4webapi';
|
|
3
|
+
import { getAuthorizationServer } from './discovery';
|
|
4
|
+
async function authenticate(c, config, cache) {
|
|
5
|
+
const sessionStore = config.adapter;
|
|
6
|
+
// 1. Read the sessionId cookie from the request
|
|
7
|
+
const sessionId = getCookie(c, config.cookieName ?? '__Host-session');
|
|
8
|
+
// 2. If no cookie → unauthenticated
|
|
9
|
+
if (!sessionId) {
|
|
10
|
+
return { type: 'unauthenticated' };
|
|
11
|
+
}
|
|
12
|
+
// 3. Look up the session in KV using SessionStore
|
|
13
|
+
let session = await sessionStore.get(sessionId);
|
|
14
|
+
// 4. If no session found or it's a PKCE state → unauthenticated
|
|
15
|
+
if (!session || session._type === 'pkce') {
|
|
16
|
+
return { type: 'unauthenticated' };
|
|
17
|
+
}
|
|
18
|
+
// 4.5 Check for absolute session expiry (90 days)
|
|
19
|
+
const MAX_SESSION_AGE = 90 * 24 * 60 * 60; // 90 days
|
|
20
|
+
if (Math.floor(Date.now() / 1000) - session.createdAt > MAX_SESSION_AGE) {
|
|
21
|
+
await sessionStore.delete(sessionId);
|
|
22
|
+
return { type: 'expired' };
|
|
23
|
+
}
|
|
24
|
+
const as = await getAuthorizationServer(config, cache);
|
|
25
|
+
// 5. Check if the access token is expired (with configurable buffer)
|
|
26
|
+
if (session.expiresAt < Date.now() / 1000 + (config.refreshBufferSeconds ?? 60)) {
|
|
27
|
+
if (session.refreshToken) {
|
|
28
|
+
try {
|
|
29
|
+
// 6. If expired → use oauth4webapi to perform a refresh token grant
|
|
30
|
+
const client = { client_id: config.clientId };
|
|
31
|
+
const clientAuth = oauth.ClientSecretPost(config.clientSecret);
|
|
32
|
+
const response = await oauth.refreshTokenGrantRequest(as, client, clientAuth, session.refreshToken);
|
|
33
|
+
try {
|
|
34
|
+
const result = await oauth.processRefreshTokenResponse(as, client, response);
|
|
35
|
+
// Update the session in KV with new tokens and new expiresAt
|
|
36
|
+
session.accessToken = result.access_token;
|
|
37
|
+
if (result.refresh_token) {
|
|
38
|
+
session.refreshToken = result.refresh_token;
|
|
39
|
+
}
|
|
40
|
+
session.expiresAt = Math.floor(Date.now() / 1000) + (result.expires_in || 3600);
|
|
41
|
+
await sessionStore.set(sessionId, session, config.sessionTtlSeconds ?? 30 * 24 * 60 * 60); // 30 days, matches initial session TTL
|
|
42
|
+
}
|
|
43
|
+
catch (err) {
|
|
44
|
+
if (err instanceof oauth.ResponseBodyError && err.error === 'invalid_grant') {
|
|
45
|
+
// Potential race condition: another request might have already refreshed this token
|
|
46
|
+
const refreshedSession = await sessionStore.get(sessionId);
|
|
47
|
+
if (refreshedSession &&
|
|
48
|
+
refreshedSession._type === 'session' &&
|
|
49
|
+
refreshedSession.accessToken !== session.accessToken) {
|
|
50
|
+
// Someone else already refreshed it! Use that session.
|
|
51
|
+
session = refreshedSession;
|
|
52
|
+
}
|
|
53
|
+
else {
|
|
54
|
+
// Truly failed
|
|
55
|
+
await sessionStore.delete(sessionId);
|
|
56
|
+
return { type: 'unauthenticated' };
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
await sessionStore.delete(sessionId);
|
|
61
|
+
return { type: 'unauthenticated' };
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
catch {
|
|
66
|
+
await sessionStore.delete(sessionId);
|
|
67
|
+
return { type: 'unauthenticated' };
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
// 8. Validate the JWT using JWKS (only if audience is set and validation is enabled)
|
|
72
|
+
if (config.validateAccessToken !== false && config.audience) {
|
|
73
|
+
try {
|
|
74
|
+
// We need a Request object that has the Authorization header for validateJwtAccessToken
|
|
75
|
+
const mockReq = new Request(c.req.raw.url, {
|
|
76
|
+
headers: {
|
|
77
|
+
Authorization: `Bearer ${session.accessToken}`,
|
|
78
|
+
},
|
|
79
|
+
});
|
|
80
|
+
await oauth.validateJwtAccessToken(as, mockReq, config.audience, { [oauth.jwksCache]: cache.jwksCache });
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
// 9. If JWT invalid → fallback to opaque token (pass through)
|
|
84
|
+
// This allows Bezzie to work with providers that issue opaque access tokens
|
|
85
|
+
// or if the JWT is not verifiable for some reason, but we still have a valid session.
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
return { type: 'authenticated', user: session.user, accessToken: session.accessToken };
|
|
89
|
+
}
|
|
90
|
+
export function middleware(config, cache) {
|
|
91
|
+
return async (c, next) => {
|
|
92
|
+
const result = await authenticate(c, config, cache);
|
|
93
|
+
if (result.type === 'unauthenticated') {
|
|
94
|
+
return c.text('Unauthorized', 401);
|
|
95
|
+
}
|
|
96
|
+
if (result.type === 'expired') {
|
|
97
|
+
return c.redirect(config.loginPath ?? '/auth/login');
|
|
98
|
+
}
|
|
99
|
+
// Attach the user and accessToken to Hono context
|
|
100
|
+
c.set('user', result.user);
|
|
101
|
+
c.set('accessToken', result.accessToken);
|
|
102
|
+
// Call next()
|
|
103
|
+
await next();
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Middleware that sets user context if a session exists but always calls next().
|
|
108
|
+
*/
|
|
109
|
+
export function optionalMiddleware(config, cache) {
|
|
110
|
+
return async (c, next) => {
|
|
111
|
+
const result = await authenticate(c, config, cache);
|
|
112
|
+
if (result.type === 'authenticated') {
|
|
113
|
+
// Attach the user and accessToken to Hono context
|
|
114
|
+
c.set('user', result.user);
|
|
115
|
+
c.set('accessToken', result.accessToken);
|
|
116
|
+
}
|
|
117
|
+
// Always call next()
|
|
118
|
+
await next();
|
|
119
|
+
};
|
|
120
|
+
}
|
|
121
|
+
//# sourceMappingURL=middleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAA;AAwBzE,KAAK,UAAU,YAAY,CACzB,CAAU,EACV,MAA2B,EAC3B,KAAqB;IAErB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,gDAAgD;IAChD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,CAAC,CAAA;IAErE,oCAAoC;IACpC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;IACpC,CAAC;IAED,kDAAkD;IAClD,IAAI,OAAO,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IAE/C,gEAAgE;IAChE,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QACzC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;IACpC,CAAC;IAED,kDAAkD;IAClD,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA,CAAC,UAAU;IACpD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;QACxE,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACpC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IAC5B,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAEtD,qEAAqE;IACrE,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC,EAAE,CAAC;QAChF,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,oEAAoE;gBACpE,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAA;gBAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;gBAE9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAA;gBAEnG,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;oBAC5E,6DAA6D;oBAC7D,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,YAAY,CAAA;oBACzC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;wBACzB,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,CAAA;oBAC7C,CAAC;oBACD,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAA;oBAE/E,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA,CAAC,uCAAuC;gBACnI,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,GAAG,YAAY,KAAK,CAAC,iBAAiB,IAAI,GAAG,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;wBAC5E,oFAAoF;wBACpF,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;wBAC1D,IACE,gBAAgB;4BAChB,gBAAgB,CAAC,KAAK,KAAK,SAAS;4BACpC,gBAAgB,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EACpD,CAAC;4BACD,uDAAuD;4BACvD,OAAO,GAAG,gBAAgB,CAAA;wBAC5B,CAAC;6BAAM,CAAC;4BACN,eAAe;4BACf,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;4BACpC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;wBACpC,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;wBACpC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;gBACpC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,qFAAqF;IACrF,IAAI,MAAM,CAAC,mBAAmB,KAAK,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC5D,IAAI,CAAC;YACH,wFAAwF;YACxF,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE;gBACzC,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE;iBAC/C;aACF,CAAC,CAAA;YAEF,MAAM,KAAK,CAAC,sBAAsB,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;QAC1G,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;YAC9D,4EAA4E;YAC5E,sFAAsF;QACxF,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAA;AACxF,CAAC;AAED,MAAM,UAAU,UAAU,CACxB,MAA2B,EAC3B,KAAqB;IAErB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YACtC,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QACpC,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,IAAI,aAAa,CAAC,CAAA;QACtD,CAAC;QAED,kDAAkD;QAClD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;QAC1B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;QAExC,cAAc;QACd,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAA2B,EAC3B,KAAqB;IAErB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACpC,kDAAkD;YAClD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;YAC1B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;QAC1C,CAAC;QAED,qBAAqB;QACrB,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC"}
|
package/dist/routes.d.ts
ADDED
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { Hono } from 'hono';
|
|
2
|
+
import { type DiscoveryCache } from './discovery';
|
|
3
|
+
import type { BezzieConfig } from './index';
|
|
4
|
+
export declare function authRoutes<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>, cache: DiscoveryCache): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
|
|
5
|
+
//# sourceMappingURL=routes.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AAEzE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,8EA8KtB"}
|
|
@@ -11,7 +11,7 @@ export function authRoutes(config, cache) {
|
|
|
11
11
|
const state = oauth.generateRandomState();
|
|
12
12
|
const returnTo = c.req.query('returnTo');
|
|
13
13
|
// Store state and codeVerifier in adapter
|
|
14
|
-
await config.adapter.set(`pkce:${state}`, { codeVerifier: code_verifier, returnTo }, config.pkceStateTtlSeconds ?? 600); // 10 minutes
|
|
14
|
+
await config.adapter.set(`pkce:${state}`, { _type: 'pkce', codeVerifier: code_verifier, returnTo }, config.pkceStateTtlSeconds ?? 600); // 10 minutes
|
|
15
15
|
const as = await getAuthorizationServer(config, cache);
|
|
16
16
|
if (!as.authorization_endpoint) {
|
|
17
17
|
return c.text('Missing authorization_endpoint', 500);
|
|
@@ -32,7 +32,12 @@ export function authRoutes(config, cache) {
|
|
|
32
32
|
router.get('/callback', async (c) => {
|
|
33
33
|
const error = c.req.query('error');
|
|
34
34
|
if (error) {
|
|
35
|
-
|
|
35
|
+
const ERROR_MESSAGES = {
|
|
36
|
+
access_denied: 'Access was denied.',
|
|
37
|
+
temporarily_unavailable: 'The provider is temporarily unavailable. Please try again.',
|
|
38
|
+
server_error: 'The provider returned a server error.',
|
|
39
|
+
};
|
|
40
|
+
return c.text(ERROR_MESSAGES[error] ?? 'Authentication failed.', 400);
|
|
36
41
|
}
|
|
37
42
|
const state = c.req.query('state');
|
|
38
43
|
const code = c.req.query('code');
|
|
@@ -67,8 +72,11 @@ export function authRoutes(config, cache) {
|
|
|
67
72
|
if (!refresh_token) {
|
|
68
73
|
console.warn('Bezzie: refresh_token is missing from the token response. offline_access may not be enabled or supported by the provider.');
|
|
69
74
|
}
|
|
70
|
-
const sessionId = crypto.
|
|
75
|
+
const sessionId = Array.from(crypto.getRandomValues(new Uint8Array(16)))
|
|
76
|
+
.map((b) => b.toString(16).padStart(2, '0'))
|
|
77
|
+
.join('');
|
|
71
78
|
const session = {
|
|
79
|
+
_type: 'session',
|
|
72
80
|
accessToken: access_token,
|
|
73
81
|
refreshToken: refresh_token,
|
|
74
82
|
idToken: id_token,
|
|
@@ -99,7 +107,7 @@ export function authRoutes(config, cache) {
|
|
|
99
107
|
let idToken;
|
|
100
108
|
if (sessionId) {
|
|
101
109
|
const session = await sessionStore.get(sessionId);
|
|
102
|
-
if (session &&
|
|
110
|
+
if (session && session._type === 'session') {
|
|
103
111
|
idToken = session.idToken;
|
|
104
112
|
}
|
|
105
113
|
await sessionStore.delete(sessionId);
|
|
@@ -107,6 +115,8 @@ export function authRoutes(config, cache) {
|
|
|
107
115
|
deleteCookie(c, config.cookieName ?? '__Host-session', {
|
|
108
116
|
path: '/',
|
|
109
117
|
secure: true,
|
|
118
|
+
httpOnly: true,
|
|
119
|
+
sameSite: 'Strict',
|
|
110
120
|
});
|
|
111
121
|
const as = await getAuthorizationServer(config, cache);
|
|
112
122
|
let logoutUrl;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAChE,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAA;AAIzE,MAAM,UAAU,UAAU,CACxB,MAA2B,EAC3B,KAAqB;IAErB,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAA;IACzB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,0BAA0B,EAAE,CAAA;QACxD,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAA;QAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAA;QAEzC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QAExC,0CAA0C;QAC1C,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAe,EAAE,MAAM,CAAC,mBAAmB,IAAI,GAAG,CAAC,CAAA,CAAC,aAAa;QAEjK,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QACtD,IAAI,CAAC,EAAE,CAAC,sBAAsB,EAAE,CAAC;YAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,sBAAsB,CAAC,CAAA;QAC3D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC/D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAA;QAC1D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAA;QACpF,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACzH,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACjD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;QACnE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAA;QAClE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAA;IAChD,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,cAAc,GAA2B;gBAC7C,aAAa,EAAE,oBAAoB;gBACnC,uBAAuB,EAAE,4DAA4D;gBACrF,YAAY,EAAE,uCAAuC;aACtD,CAAA;YACD,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,wBAAwB,EAAE,GAAG,CAAC,CAAA;QACvE,CAAC;QACD,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAEhC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,EAAE,CAAc,CAAA;QACrE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,IAAI,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAA;QAChD,CAAC;QACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QAEzC,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,KAAK,EAAE,CAAC,CAAA;QAE5C,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAEtD,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAA;QAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;QAE9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6BAA6B,CACxD,EAAE,EACF,MAAM,EACN,UAAU,EACV,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,YAAY,EAC/B,GAAG,MAAM,CAAC,OAAO,gBAAgB,EACjC,YAAY,CACb,CAAA;QAED,IAAI,MAAmC,CAAA;QACvC,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,KAAK,CAAC,gCAAgC,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;QAC7E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,KAAK,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;YACvC,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QACpE,MAAM,MAAM,GAAG,KAAK,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAA;QAEtD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,EAAE,GAAG,CAAC,CAAA;QACvE,CAAC;QAED,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,2HAA2H,CAAC,CAAA;QAC3I,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;aACrE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;QACX,MAAM,OAAO,GAAmB;YAC9B,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,YAAY;YACzB,YAAY,EAAE,aAAa;YAC3B,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC;YAC/D,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,IAAI,EAAE;gBACJ,GAAG,MAAM;gBACT,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,MAAM,CAAC,KAA2B;aACY;SACxD,CAAA;QAED,0DAA0D;QAC1D,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAEzF,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,EAAE,SAAS,EAAE;YAC7D,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,kCAAkC;SAC1F,CAAC,CAAA;QAEF,IAAI,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACvE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAC7B,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,CAAC,CAAA;QACrE,IAAI,OAA2B,CAAA;QAC/B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;YACjD,IAAI,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC3C,OAAO,GAAI,OAA0B,CAAC,OAAO,CAAA;YAC/C,CAAC;YACD,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACtC,CAAC;QAED,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,EAAE;YACrD,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAEtD,IAAI,SAAc,CAAA;QAClB,IAAI,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,CAAC;YACpC,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACnD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;YACxD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,CAAC,oBAAoB,EAAE,CAAC;YACnC,SAAS,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAA;YAC5C,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;YACxD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,0BAA0B,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;YACtE,IAAI,OAAO,EAAE,CAAC;gBACZ,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,qDAAqD;YACrD,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Represents a user session.
|
|
3
3
|
*/
|
|
4
|
-
export interface Session {
|
|
4
|
+
export interface Session<TUser extends Record<string, unknown> = Record<string, unknown>> {
|
|
5
|
+
/**
|
|
6
|
+
* Internal type discriminant.
|
|
7
|
+
*/
|
|
8
|
+
_type: 'session';
|
|
5
9
|
/**
|
|
6
10
|
* OAuth access token.
|
|
7
11
|
*/
|
|
@@ -34,8 +38,7 @@ export interface Session {
|
|
|
34
38
|
* User's email address.
|
|
35
39
|
*/
|
|
36
40
|
email?: string;
|
|
37
|
-
|
|
38
|
-
};
|
|
41
|
+
} & TUser;
|
|
39
42
|
}
|
|
40
43
|
export * from './adapters';
|
|
41
44
|
//# sourceMappingURL=session.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,OAAO,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACtF;;OAEG;IACH,KAAK,EAAE,SAAS,CAAA;IAChB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB;;OAEG;IACH,IAAI,EAAE;QACJ;;WAEG;QACH,GAAG,EAAE,MAAM,CAAA;QACX;;WAEG;QACH,KAAK,CAAC,EAAE,MAAM,CAAA;KACf,GAAG,KAAK,CAAA;CACV;AAED,cAAc,YAAY,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AA2CA,cAAc,YAAY,CAAA"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "bezzie",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.6",
|
|
4
4
|
"type": "module",
|
|
5
|
+
"sideEffects": false,
|
|
6
|
+
"engines": {
|
|
7
|
+
"node": ">=18"
|
|
8
|
+
},
|
|
5
9
|
"description": "BFF OAuth 2.0 auth library for Cloudflare Workers",
|
|
6
10
|
"keywords": ["hono", "cloudflare-workers", "oauth", "oidc", "auth", "bff", "session", "jwt", "pkce"],
|
|
7
11
|
"main": "dist/index.js",
|
|
@@ -35,14 +39,14 @@
|
|
|
35
39
|
"hono": "^4.0.0"
|
|
36
40
|
},
|
|
37
41
|
"devDependencies": {
|
|
38
|
-
"@cloudflare/vitest-pool-workers": "^0.
|
|
42
|
+
"@cloudflare/vitest-pool-workers": "^0.14.1",
|
|
39
43
|
"@cloudflare/workers-types": "^4.20260317.1",
|
|
40
|
-
"@eslint/js": "^
|
|
44
|
+
"@eslint/js": "^10.0.1",
|
|
41
45
|
"@typescript-eslint/eslint-plugin": "^8.0.0",
|
|
42
46
|
"@typescript-eslint/parser": "^8.0.0",
|
|
43
47
|
"eslint": "^10.1.0",
|
|
44
48
|
"prettier": "^3.0.0",
|
|
45
|
-
"typescript": "^
|
|
49
|
+
"typescript": "^6.0.2",
|
|
46
50
|
"typescript-eslint": "^8.0.0",
|
|
47
51
|
"vitest": "^4.1.1",
|
|
48
52
|
"wrangler": "^4.77.0"
|
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import { Session } from '../session';
|
|
2
|
-
import { SessionAdapter, PKCEState } from './types';
|
|
3
|
-
export declare class CloudflareKVAdapter implements SessionAdapter {
|
|
4
|
-
private kv;
|
|
5
|
-
constructor(kv: KVNamespace);
|
|
6
|
-
get(sessionId: string): Promise<Session | PKCEState | null>;
|
|
7
|
-
set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
|
|
8
|
-
delete(sessionId: string): Promise<void>;
|
|
9
|
-
}
|
|
10
|
-
//# sourceMappingURL=cloudflare-kv.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"cloudflare-kv.d.ts","sourceRoot":"","sources":["../../../src/adapters/cloudflare-kv.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAEnD,qBAAa,mBAAoB,YAAW,cAAc;IAC5C,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,WAAW;IAE7B,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC;IAK3D,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IASvF,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"cloudflare-kv.js","sourceRoot":"","sources":["../../../src/adapters/cloudflare-kv.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,mBAAmB;IACV;IAApB,YAAoB,EAAe;QAAf,OAAE,GAAF,EAAE,CAAa;IAAG,CAAC;IAEvC,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAsB,SAAS,EAAE,MAAM,CAAC,CAAA;QACzE,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB,EAAE,OAA4B,EAAE,UAAkB;QAC3E,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE;YACpD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;CACF"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA;AACvB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA;AACvB,cAAc,UAAU,CAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA;AACvB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA;AACvB,cAAc,UAAU,CAAA"}
|
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
import { Session } from '../session';
|
|
2
|
-
import { SessionAdapter, PKCEState } from './types';
|
|
3
|
-
export declare class MemoryAdapter implements SessionAdapter {
|
|
4
|
-
private store;
|
|
5
|
-
get(sessionId: string): Promise<Session | PKCEState | null>;
|
|
6
|
-
set(sessionId: string, session: Session | PKCEState, ttlSeconds: number): Promise<void>;
|
|
7
|
-
delete(sessionId: string): Promise<void>;
|
|
8
|
-
}
|
|
9
|
-
//# sourceMappingURL=memory.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../../src/adapters/memory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAA;AAOnD,qBAAa,aAAc,YAAW,cAAc;IAClD,OAAO,CAAC,KAAK,CAAmC;IAE1C,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC;IAU3D,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvF,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/C"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"memory.js","sourceRoot":"","sources":["../../../src/adapters/memory.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,aAAa;IAChB,KAAK,GAAG,IAAI,GAAG,EAAyB,CAAA;IAEhD,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;YAC5B,OAAO,IAAI,CAAA;QACb,CAAC;QACD,OAAO,KAAK,CAAC,OAAO,CAAA;IACtB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB,EAAE,OAA4B,EAAE,UAAkB;QAC3E,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI;SAC1C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAC9B,CAAC;CACF"}
|