bezzie 0.1.4 → 0.1.6

package/dist/test/middleware.test.js

@@ -1,340 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { Hono } from 'hono';
-import { createBezzie, MemoryAdapter } from '../src';
-import * as oauth from 'oauth4webapi';
-// Mock oauth4webapi
-vi.mock('oauth4webapi', async () => {
-    const actual = await vi.importActual('oauth4webapi');
-    return {
-        ...actual,
-        discoveryRequest: vi.fn(),
-        processDiscoveryResponse: vi.fn(),
-        refreshTokenGrantRequest: vi.fn(),
-        processRefreshTokenResponse: vi.fn(),
-        validateJwtAccessToken: vi.fn(),
-    };
-});
-describe('Middleware', () => {
-    let adapter;
-    let auth;
-    let app;
-    const issuer = 'https://test.auth0.com';
-    beforeEach(async () => {
-        vi.clearAllMocks();
-        adapter = new MemoryAdapter();
-        const config = {
-            issuer,
-            clientId: 'test-client-id',
-            clientSecret: 'test-client-secret',
-            audience: 'https://api.test.com',
-            adapter,
-            baseUrl: 'https://app.test.com',
-        };
-        auth = createBezzie(config);
-        app = new Hono();
-        app.use('/api/*', auth.middleware());
-        app.get('/api/me', (c) => {
-            return c.json({ user: c.get('user'), accessToken: c.get('accessToken') });
-        });
-        // Default mock for discovery
-        const mockAs = { issuer, jwks_uri: `${issuer}/jwks` };
-        vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-        vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-    });
-    it('returns 401 with no cookie', async () => {
-        const res = await app.request('/api/me');
-        expect(res.status).toBe(401);
-        expect(await res.text()).toBe('Unauthorized');
-    });
-    it('returns 401 with invalid session (not in KV)', async () => {
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: '__Host-session=non-existent',
-            },
-        });
-        expect(res.status).toBe(401);
-    });
-    it('valid session passes through and sets user on context', async () => {
-        const sessionId = 'test-session-id';
-        const user = { sub: 'user-123', email: 'user@example.com' };
-        await adapter.set(sessionId, {
-            accessToken: 'valid-token',
-            refreshToken: 'valid-refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 3600,
-            createdAt: Math.floor(Date.now() / 1000),
-            user,
-        }, 3600);
-        // Mock successful JWT validation
-        vi.mocked(oauth.validateJwtAccessToken).mockResolvedValue({});
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(200);
-        const data = (await res.json());
-        expect(data.user).toEqual(user);
-        expect(data.accessToken).toBe('valid-token');
-    });
-    it('expired access token triggers refresh, updates KV, passes through', async () => {
-        const sessionId = 'test-session-id';
-        const user = { sub: 'user-123' };
-        await adapter.set(sessionId, {
-            accessToken: 'expired-token',
-            refreshToken: 'valid-refresh',
-            expiresAt: Math.floor(Date.now() / 1000) - 10, // expired 10s ago
-            createdAt: Math.floor(Date.now() / 1000) - 1000,
-            user,
-        }, 86400);
-        // Mock successful refresh
-        vi.mocked(oauth.refreshTokenGrantRequest).mockResolvedValue({});
-        vi.mocked(oauth.processRefreshTokenResponse).mockResolvedValue({
-            access_token: 'new-token',
-            refresh_token: 'new-refresh',
-            expires_in: 3600,
-            token_type: 'bearer',
-        });
-        vi.mocked(oauth.validateJwtAccessToken).mockResolvedValue({});
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(200);
-        const data = (await res.json());
-        expect(data.accessToken).toBe('new-token');
-        // Check adapter updated
-        const stored = (await adapter.get(sessionId));
-        expect(stored.accessToken).toBe('new-token');
-        expect(stored.refreshToken).toBe('new-refresh');
-        expect(stored.expiresAt).toBeGreaterThan(Date.now() / 1000);
-    });
-    it('failed refresh deletes session and returns 401', async () => {
-        const sessionId = 'test-session-id';
-        await adapter.set(sessionId, {
-            accessToken: 'expired-token',
-            refreshToken: 'invalid-refresh',
-            expiresAt: Math.floor(Date.now() / 1000) - 10,
-            createdAt: Math.floor(Date.now() / 1000) - 1000,
-            user: { sub: '123' },
-        }, 3600);
-        // Mock failed refresh
-        vi.mocked(oauth.refreshTokenGrantRequest).mockResolvedValue({});
-        const error = new oauth.ResponseBodyError('invalid_grant', {
-            cause: { error: 'invalid_grant' },
-            response: new Response()
-        });
-        vi.mocked(oauth.processRefreshTokenResponse).mockRejectedValue(error);
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(401);
-        // Check session deleted
-        expect(await adapter.get(sessionId)).toBeNull();
-    });
-    it('invalid JWT returns 401', async () => {
-        const sessionId = 'test-session-id';
-        await adapter.set(sessionId, {
-            accessToken: 'invalid-jwt',
-            refreshToken: 'refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 3600,
-            createdAt: Math.floor(Date.now() / 1000),
-            user: { sub: '123' },
-        }, 3600);
-        // Mock JWT validation failure
-        vi.mocked(oauth.validateJwtAccessToken).mockRejectedValue(new Error('Invalid token'));
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(401);
-    });
-    it('triggers refresh with 60s buffer', async () => {
-        const sessionId = 'test-session-id';
-        await adapter.set(sessionId, {
-            accessToken: 'near-expiry-token',
-            refreshToken: 'valid-refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 30, // expires in 30s
-            createdAt: Math.floor(Date.now() / 1000) - 1000,
-            user: { sub: '123' },
-        }, 3600);
-        vi.mocked(oauth.refreshTokenGrantRequest).mockResolvedValue({});
-        vi.mocked(oauth.processRefreshTokenResponse).mockResolvedValue({
-            access_token: 'new-token',
-            expires_in: 3600,
-            token_type: 'bearer',
-        });
-        vi.mocked(oauth.validateJwtAccessToken).mockResolvedValue({});
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(200);
-        const data = (await res.json());
-        expect(data.accessToken).toBe('new-token');
-    });
-    it('skips JWT validation when no audience is configured', async () => {
-        // Create a new app/middleware with no audience
-        const configNoAudience = {
-            issuer,
-            clientId: 'test-client-id',
-            clientSecret: 'test-client-secret',
-            // no audience
-            adapter,
-            baseUrl: 'https://app.test.com',
-        };
-        const authNoAudience = createBezzie(configNoAudience);
-        const appNoAudience = new Hono();
-        appNoAudience.use('/api/*', authNoAudience.middleware());
-        appNoAudience.get('/api/me', (c) => c.json({ ok: true }));
-        const sessionId = 'test-session-id';
-        await adapter.set(sessionId, {
-            accessToken: 'valid-token',
-            refreshToken: 'valid-refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 3600,
-            createdAt: Math.floor(Date.now() / 1000),
-            user: { sub: '123' },
-        }, 3600);
-        const res = await appNoAudience.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(200);
-        // Should NOT have called validateJwtAccessToken
-        expect(oauth.validateJwtAccessToken).not.toHaveBeenCalled();
-    });
-    it('skips JWT validation when validateAccessToken is false', async () => {
-        const configWithValidateFalse = {
-            issuer,
-            clientId: 'test-client-id',
-            clientSecret: 'test-client-secret',
-            audience: 'https://api.test.com',
-            adapter,
-            baseUrl: 'https://app.test.com',
-            validateAccessToken: false,
-        };
-        const authWithValidateFalse = createBezzie(configWithValidateFalse);
-        const appWithValidateFalse = new Hono();
-        appWithValidateFalse.use('/api/*', authWithValidateFalse.middleware());
-        appWithValidateFalse.get('/api/me', (c) => c.json({ ok: true }));
-        const sessionId = 'test-session-id';
-        await adapter.set(sessionId, {
-            accessToken: 'opaque-token',
-            refreshToken: 'valid-refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 3600,
-            createdAt: Math.floor(Date.now() / 1000),
-            user: { sub: '123' },
-        }, 3600);
-        const res = await appWithValidateFalse.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(200);
-        expect(oauth.validateJwtAccessToken).not.toHaveBeenCalled();
-    });
-    it('re-reads session from store when refresh fails with invalid_grant (race condition)', async () => {
-        const sessionId = 'test-session-id';
-        const user = { sub: 'user-123' };
-        const oldAccessToken = 'expired-token';
-        const newAccessToken = 'already-refreshed-token';
-        // Initial state: near-expiry token
-        await adapter.set(sessionId, {
-            accessToken: oldAccessToken,
-            refreshToken: 'valid-refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 30, // expires in 30s
-            createdAt: Math.floor(Date.now() / 1000),
-            user,
-        }, 86400);
-        // Mock failed refresh with invalid_grant
-        vi.mocked(oauth.refreshTokenGrantRequest).mockResolvedValue({});
-        const error = new oauth.ResponseBodyError('invalid_grant', {
-            cause: { error: 'invalid_grant' },
-            response: new Response()
-        });
-        vi.mocked(oauth.processRefreshTokenResponse).mockRejectedValue(error);
-        vi.mocked(oauth.validateJwtAccessToken).mockResolvedValue({});
-        const originalGet = adapter.get.bind(adapter);
-        let getCount = 0;
-        vi.spyOn(adapter, 'get').mockImplementation(async (id) => {
-            getCount++;
-            const result = await originalGet(id);
-            if (getCount === 1) {
-                // After first GET, update adapter to simulate concurrent refresh by another request
-                await adapter.set(id, {
-                    accessToken: newAccessToken,
-                    refreshToken: 'new-refresh',
-                    expiresAt: Math.floor(Date.now() / 1000) + 3600,
-                    createdAt: Math.floor(Date.now() / 1000),
-                    user,
-                }, 86400);
-            }
-            return result;
-        });
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(200);
-        const data = (await res.json());
-        expect(data.accessToken).toBe(newAccessToken);
-        // Verify it was re-read (1st in middleware start, 2nd after invalid_grant)
-        expect(getCount).toBe(2);
-    });
-    it('redirects to login when session is older than 90 days (absolute expiry)', async () => {
-        const sessionId = 'old-session-id';
-        const MAX_SESSION_AGE = 90 * 24 * 60 * 60;
-        await adapter.set(sessionId, {
-            accessToken: 'token',
-            refreshToken: 'refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 3600,
-            createdAt: Math.floor(Date.now() / 1000) - (MAX_SESSION_AGE + 1), // 90 days + 1 second ago
-            user: { sub: 'user-123' },
-        }, 3600);
-        const res = await app.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(302);
-        expect(res.headers.get('Location')).toBe('/auth/login');
-        // Session should be deleted from store
-        expect(await adapter.get(sessionId)).toBeNull();
-    });
-    it('redirects to custom login path when session is older than 90 days', async () => {
-        const configWithCustomLogin = {
-            issuer,
-            clientId: 'test-client-id',
-            clientSecret: 'test-client-secret',
-            adapter,
-            baseUrl: 'https://app.test.com',
-            loginPath: '/custom/login',
-        };
-        const authCustomLogin = createBezzie(configWithCustomLogin);
-        const appCustomLogin = new Hono();
-        appCustomLogin.use('/api/*', authCustomLogin.middleware());
-        const sessionId = 'old-session-id';
-        const MAX_SESSION_AGE = 90 * 24 * 60 * 60;
-        await adapter.set(sessionId, {
-            accessToken: 'token',
-            refreshToken: 'refresh',
-            expiresAt: Math.floor(Date.now() / 1000) + 3600,
-            createdAt: Math.floor(Date.now() / 1000) - (MAX_SESSION_AGE + 1),
-            user: { sub: 'user-123' },
-        }, 3600);
-        const res = await appCustomLogin.request('/api/me', {
-            headers: {
-                Cookie: `__Host-session=${sessionId}`,
-            },
-        });
-        expect(res.status).toBe(302);
-        expect(res.headers.get('Location')).toBe('/custom/login');
-    });
-});
-//# sourceMappingURL=middleware.test.js.map

package/dist/test/middleware.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.test.js","sourceRoot":"","sources":["../../test/middleware.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAC7D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,YAAY,EAAE,aAAa,EAA6C,MAAM,QAAQ,CAAA;AAC/F,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AAErC,oBAAoB;AACpB,EAAE,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,IAAI,EAAE;IACjC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,cAAc,CAAC,CAAA;IACpD,OAAO;QACL,GAAG,MAAM;QACT,gBAAgB,EAAE,EAAE,CAAC,EAAE,EAAE;QACzB,wBAAwB,EAAE,EAAE,CAAC,EAAE,EAAE;QACjC,wBAAwB,EAAE,EAAE,CAAC,EAAE,EAAE;QACjC,2BAA2B,EAAE,EAAE,CAAC,EAAE,EAAE;QACpC,sBAAsB,EAAE,EAAE,CAAC,EAAE,EAAE;KAChC,CAAA;AACH,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAI,OAAsB,CAAA;IAC1B,IAAI,IAAY,CAAA;IAChB,IAAI,GAAmC,CAAA;IACvC,MAAM,MAAM,GAAG,wBAAwB,CAAA;IAEvC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,EAAE,CAAC,aAAa,EAAE,CAAA;QAClB,OAAO,GAAG,IAAI,aAAa,EAAE,CAAA;QAC7B,MAAM,MAAM,GAAG;YACb,MAAM;YACN,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,oBAAoB;YAClC,QAAQ,EAAE,sBAAsB;YAChC,OAAO;YACP,OAAO,EAAE,sBAAsB;SAChC,CAAA;QAED,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;QAC3B,GAAG,GAAG,IAAI,IAAI,EAA4B,CAAA;QAE1C,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAA;QACpC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;YACvB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;QAC3E,CAAC,CAAC,CAAA;QAEF,6BAA6B;QAC7B,MAAM,MAAM,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,OAAO,EAAE,CAAA;QACrD,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,iBAAiB,CAAC,EAAyB,CAAC,CAAA;QAC9E,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,iBAAiB,CAAC,MAAmC,CAAC,CAAA;IAClG,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QACxC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,6BAA6B;aACtC;SACF,CAAC,CAAA;QACF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAA;QAC3D,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,aAAa;YAC1B,YAAY,EAAE,eAAe;YAC7B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,IAAI;SACL,EACD,IAAI,CACL,CAAA;QAED,iCAAiC;QACjC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CAAC,EAAgC,CAAC,CAAA;QAE3F,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6D,CAAA;QAC3F,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QAC/B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;IAC9C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,CAAA;QAChC,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,eAAe;YAC5B,YAAY,EAAE,eAAe;YAC7B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,kBAAkB;YACjE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,IAAI;SACL,EACD,KAAK,CACN,CAAA;QAED,0BAA0B;QAC1B,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,iBAAiB,CAAC,EAAc,CAAC,CAAA;QAC3E,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,iBAAiB,CAAC;YAC7D,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,aAAa;YAC5B,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,QAAQ;SACU,CAAC,CAAA;QACjC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CAAC,EAAgC,CAAC,CAAA;QAE3F,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6D,CAAA;QAC3F,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAE1C,wBAAwB;QACxB,MAAM,MAAM,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAY,CAAA;QACxD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC5C,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAC/C,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,eAAe;YAC5B,YAAY,EAAE,iBAAiB;YAC/B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE;YAC7C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE;SACrB,EACD,IAAI,CACL,CAAA;QAED,sBAAsB;QACtB,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,iBAAiB,CAAC,EAAc,CAAC,CAAA;QAC3E,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,iBAAiB,CAAC,eAAe,EAAE;YACzD,KAAK,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE;YACjC,QAAQ,EAAE,IAAI,QAAQ,EAAE;SACzB,CAAC,CAAA;QACF,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAA;QAErE,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAE5B,wBAAwB;QACxB,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IACjD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,aAAa;YAC1B,YAAY,EAAE,SAAS;YACvB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE;SACrB,EACD,IAAI,CACL,CAAA;QAED,8BAA8B;QAC9B,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAA;QAErF,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,mBAAmB;YAChC,YAAY,EAAE,eAAe;YAC7B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,iBAAiB;YAChE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE;SACrB,EACD,IAAI,CACL,CAAA;QAED,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,iBAAiB,CAAC,EAAc,CAAC,CAAA;QAC3E,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,iBAAiB,CAAC;YAC7D,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,QAAQ;SACU,CAAC,CAAA;QACjC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CAAC,EAAgC,CAAC,CAAA;QAE3F,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6D,CAAA;QAC3F,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAC5C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,+CAA+C;QAC/C,MAAM,gBAAgB,GAAG;YACvB,MAAM;YACN,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,oBAAoB;YAClC,cAAc;YACd,OAAO;YACP,OAAO,EAAE,sBAAsB;SAChC,CAAA;QACD,MAAM,cAAc,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAA;QACrD,MAAM,aAAa,GAAG,IAAI,IAAI,EAAE,CAAA;QAChC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,UAAU,EAAE,CAAC,CAAA;QACxD,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QAEzD,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE;YAC3B,WAAW,EAAE,aAAa;YAC1B,YAAY,EAAE,eAAe;YAC7B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE;SACrB,EAAE,IAAI,CAAC,CAAA;QAER,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,SAAS,EAAE;YACjD,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,gDAAgD;QAChD,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,uBAAuB,GAAG;YAC9B,MAAM;YACN,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,oBAAoB;YAClC,QAAQ,EAAE,sBAAsB;YAChC,OAAO;YACP,OAAO,EAAE,sBAAsB;YAC/B,mBAAmB,EAAE,KAAK;SAC3B,CAAA;QACD,MAAM,qBAAqB,GAAG,YAAY,CAAC,uBAAuB,CAAC,CAAA;QACnE,MAAM,oBAAoB,GAAG,IAAI,IAAI,EAAE,CAAA;QACvC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,UAAU,EAAE,CAAC,CAAA;QACtE,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QAEhE,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE;YAC3B,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;YAC7B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE;SACrB,EAAE,IAAI,CAAC,CAAA;QAER,MAAM,GAAG,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,SAAS,EAAE;YACxD,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,oFAAoF,EAAE,KAAK,IAAI,EAAE;QAClG,MAAM,SAAS,GAAG,iBAAiB,CAAA;QACnC,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,CAAA;QAChC,MAAM,cAAc,GAAG,eAAe,CAAA;QACtC,MAAM,cAAc,GAAG,yBAAyB,CAAA;QAEhD,mCAAmC;QACnC,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;YAC7B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,iBAAiB;YAChE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,IAAI;SACL,EACD,KAAK,CACN,CAAA;QAED,yCAAyC;QACzC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,iBAAiB,CAAC,EAAc,CAAC,CAAA;QAC3E,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,iBAAiB,CAAC,eAAe,EAAE;YACzD,KAAK,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE;YACjC,QAAQ,EAAE,IAAI,QAAQ,EAAE;SACzB,CAAC,CAAA;QACF,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAA;QACrE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CAAC,EAAgC,CAAC,CAAA;QAE3F,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC7C,IAAI,QAAQ,GAAG,CAAC,CAAA;QAChB,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,EAAU,EAAE,EAAE;YAC/D,QAAQ,EAAE,CAAA;YACV,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,CAAA;YACpC,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;gBACnB,oFAAoF;gBACpF,MAAM,OAAO,CAAC,GAAG,CACf,EAAE,EACF;oBACE,WAAW,EAAE,cAAc;oBAC3B,YAAY,EAAE,aAAa;oBAC3B,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;oBAC/C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;oBACxC,IAAI;iBACL,EACD,KAAK,CACN,CAAA;YACH,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC,CAAC,CAAA;QAEF,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6D,CAAA;QAC3F,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QAE7C,2EAA2E;QAC3E,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,SAAS,GAAG,gBAAgB,CAAA;QAClC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;QACzC,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,SAAS;YACvB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,GAAG,CAAC,CAAC,EAAE,yBAAyB;YAC3F,IAAI,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE;SAC1B,EACD,IAAI,CACL,CAAA;QAED,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAEvD,uCAAuC;QACvC,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IACjD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,qBAAqB,GAAG;YAC5B,MAAM;YACN,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,oBAAoB;YAClC,OAAO;YACP,OAAO,EAAE,sBAAsB;YAC/B,SAAS,EAAE,eAAe;SAC3B,CAAA;QACD,MAAM,eAAe,GAAG,YAAY,CAAC,qBAAqB,CAAC,CAAA;QAC3D,MAAM,cAAc,GAAG,IAAI,IAAI,EAAE,CAAA;QACjC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,UAAU,EAAE,CAAC,CAAA;QAE1D,MAAM,SAAS,GAAG,gBAAgB,CAAA;QAClC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;QACzC,MAAM,OAAO,CAAC,GAAG,CACf,SAAS,EACT;YACE,WAAW,EAAE,OAAO;YACpB,YAAY,EAAE,SAAS;YACvB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI;YAC/C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,GAAG,CAAC,CAAC;YAChE,IAAI,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE;SAC1B,EACD,IAAI,CACL,CAAA;QAED,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE;YAClD,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB,SAAS,EAAE;aACtC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/dist/test/routes.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=routes.test.d.ts.map

package/dist/test/routes.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"routes.test.d.ts","sourceRoot":"","sources":["../../test/routes.test.ts"],"names":[],"mappings":""}

package/dist/test/routes.test.js

@@ -1,284 +0,0 @@
-import { describe, it, expect, vi } from 'vitest';
-import { createBezzie, MemoryAdapter } from '../src';
-import * as oauth from 'oauth4webapi';
-// Mock oauth4webapi
-vi.mock('oauth4webapi', async () => {
-    const actual = await vi.importActual('oauth4webapi');
-    return {
-        ...actual,
-        discoveryRequest: vi.fn(),
-        processDiscoveryResponse: vi.fn(),
-        authorizationCodeGrantRequest: vi.fn(),
-        processAuthorizationCodeResponse: vi.fn(),
-        getValidatedIdTokenClaims: vi.fn(),
-    };
-});
-describe('OAuth Routes', () => {
-    const adapter = new MemoryAdapter();
-    const config = {
-        issuer: 'https://test.auth0.com',
-        clientId: 'test-client-id',
-        clientSecret: 'test-client-secret',
-        audience: 'https://api.test.com',
-        adapter,
-        baseUrl: 'https://app.test.com',
-    };
-    const auth = createBezzie(config);
-    const app = auth.routes();
-    describe('GET /login', () => {
-        it('redirects to the provider authorization URL', async () => {
-            auth.cache.cachedAS = null;
-            auth.cache.cacheExpiresAt = 0;
-            const mockAs = {
-                issuer: config.issuer,
-                authorization_endpoint: `${config.issuer}/authorize`
-            };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await app.request('/login');
-            expect(res.status).toBe(302);
-            const location = res.headers.get('Location');
-            expect(location).toContain(`${config.issuer}/authorize`);
-            expect(location).toContain(`client_id=${config.clientId}`);
-            expect(location).toContain('response_type=code');
-            expect(location).toContain(`redirect_uri=${encodeURIComponent(config.baseUrl + '/auth/callback')}`);
-            expect(location).toContain('scope=openid+profile+email+offline_access');
-            expect(location).toContain('code_challenge=');
-            expect(location).toContain('code_challenge_method=S256');
-            expect(location).toContain(`audience=${encodeURIComponent(config.audience)}`);
-        });
-        it('stores PKCE state in adapter', async () => {
-            auth.cache.cachedAS = null;
-            auth.cache.cacheExpiresAt = 0;
-            const mockAs = {
-                issuer: config.issuer,
-                authorization_endpoint: `${config.issuer}/authorize`
-            };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await app.request('/login');
-            const location = new URL(res.headers.get('Location'));
-            const state = location.searchParams.get('state');
-            const stored = await adapter.get(`pkce:${state}`);
-            expect(stored).toBeDefined();
-            expect(typeof stored.codeVerifier).toBe('string');
-        });
-        it('stores returnTo in PKCE state if provided', async () => {
-            auth.cache.cachedAS = null;
-            auth.cache.cacheExpiresAt = 0;
-            const mockAs = {
-                issuer: config.issuer,
-                authorization_endpoint: `${config.issuer}/authorize`
-            };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await app.request('/login?returnTo=/dashboard');
-            const location = new URL(res.headers.get('Location'));
-            const state = location.searchParams.get('state');
-            const stored = await adapter.get(`pkce:${state}`);
-            expect(stored.returnTo).toBe('/dashboard');
-        });
-    });
-    describe('GET /callback', () => {
-        it('returns 400 with error parameter', async () => {
-            const res = await app.request('/callback?error=access_denied');
-            expect(res.status).toBe(400);
-            expect(await res.text()).toBe('OAuth error: access_denied');
-        });
-        it('returns 400 with invalid state', async () => {
-            const res = await app.request('/callback?state=invalid&code=123');
-            expect(res.status).toBe(400);
-            expect(await res.text()).toBe('Invalid or expired state');
-        });
-        it('with valid state exchanges code, stores session, sets cookie, redirects', async () => {
-            const state = 'test-state';
-            const code = 'test-code';
-            const codeVerifier = 'test-verifier';
-            await adapter.set(`pkce:${state}`, { codeVerifier }, 600);
-            // Setup mocks
-            const mockAs = { issuer: config.issuer };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            vi.mocked(oauth.authorizationCodeGrantRequest).mockResolvedValue({});
-            vi.mocked(oauth.processAuthorizationCodeResponse).mockResolvedValue({
-                access_token: 'mock-access-token',
-                refresh_token: 'mock-refresh-token',
-                expires_in: 3600,
-                id_token: 'mock-id-token',
-            });
-            vi.mocked(oauth.getValidatedIdTokenClaims).mockReturnValue({
-                sub: 'user-123',
-                email: 'user@example.com',
-            });
-            const res = await app.request(`/callback?state=${state}&code=${code}`);
-            expect(res.status).toBe(302);
-            expect(res.headers.get('Location')).toBe('/');
-            // Check cookie
-            const cookie = res.headers.get('Set-Cookie');
-            expect(cookie).toContain('__Host-session=');
-            expect(cookie).toContain('HttpOnly');
-            expect(cookie).toContain('Secure');
-            expect(cookie).toContain('SameSite=Strict');
-            expect(cookie).toContain('Max-Age=2592000');
-            // Check session in adapter
-            const sessionId = cookie.match(/__Host-session=([^;]+)/)[1];
-            const session = await adapter.get(sessionId);
-            expect(session).toBeDefined();
-            expect(session.accessToken).toBe('mock-access-token');
-            expect(session.idToken).toBe('mock-id-token');
-            expect(session.user.sub).toBe('user-123');
-            expect(session.createdAt).toBeTypeOf('number');
-            expect(session.createdAt).toBeLessThanOrEqual(Math.floor(Date.now() / 1000));
-            expect(await adapter.get(`pkce:${state}`)).toBeNull();
-        });
-        it('redirects to returnTo after successful login', async () => {
-            const state = 'test-state-ret';
-            const code = 'test-code';
-            const codeVerifier = 'test-verifier';
-            const returnTo = '/dashboard';
-            await adapter.set(`pkce:${state}`, { codeVerifier, returnTo }, 600);
-            // Setup mocks
-            const mockAs = { issuer: config.issuer };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            vi.mocked(oauth.authorizationCodeGrantRequest).mockResolvedValue({});
-            vi.mocked(oauth.processAuthorizationCodeResponse).mockResolvedValue({
-                access_token: 'mock-access-token',
-                expires_in: 3600,
-                id_token: 'mock-id-token',
-            });
-            vi.mocked(oauth.getValidatedIdTokenClaims).mockReturnValue({
-                sub: 'user-123',
-            });
-            const res = await app.request(`/callback?state=${state}&code=${code}`);
-            expect(res.status).toBe(302);
-            expect(res.headers.get('Location')).toBe('/dashboard');
-        });
-        it('rejects external returnTo and falls back to /', async () => {
-            const state = 'test-state-evil';
-            const code = 'test-code';
-            const codeVerifier = 'test-verifier';
-            const returnTo = 'https://evil.com/malicious';
-            await adapter.set(`pkce:${state}`, { codeVerifier, returnTo }, 600);
-            const res = await app.request(`/callback?state=${state}&code=${code}`);
-            expect(res.status).toBe(302);
-            expect(res.headers.get('Location')).toBe('/');
-        });
-        it('rejects protocol-relative returnTo (//) and falls back to /', async () => {
-            const state = 'test-state-proto';
-            const code = 'test-code';
-            const codeVerifier = 'test-verifier';
-            const returnTo = '//evil.com';
-            await adapter.set(`pkce:${state}`, { codeVerifier, returnTo }, 600);
-            const res = await app.request(`/callback?state=${state}&code=${code}`);
-            expect(res.status).toBe(302);
-            expect(res.headers.get('Location')).toBe('/');
-        });
-    });
-    describe('POST /logout', () => {
-        it('redirects to / if no logout URL can be determined', async () => {
-            auth.cache.cachedAS = null;
-            auth.cache.cacheExpiresAt = 0;
-            const mockAs = { issuer: config.issuer };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await app.request('/logout', { method: 'POST' });
-            expect(res.status).toBe(302);
-            expect(res.headers.get('Location')).toBe('/');
-        });
-        it('uses providerHints.logoutUrl if provided', async () => {
-            const customConfig = { ...config, providerHints: { logoutUrl: 'https://test.auth0.com/v2/logout' } };
-            const customAuth = createBezzie(customConfig);
-            const customApp = customAuth.routes();
-            const mockAs = { issuer: customConfig.issuer };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await customApp.request('/logout', { method: 'POST' });
-            expect(res.status).toBe(302);
-            const location = res.headers.get('Location');
-            expect(location).toContain('https://test.auth0.com/v2/logout');
-            expect(location).toContain(`client_id=${customConfig.clientId}`);
-            expect(location).toContain(`returnTo=${encodeURIComponent(customConfig.baseUrl)}`);
-        });
-        it('redirects to OIDC end_session_endpoint if available', async () => {
-            auth.cache.cachedAS = null;
-            auth.cache.cacheExpiresAt = 0;
-            const mockAs = {
-                issuer: config.issuer,
-                end_session_endpoint: `${config.issuer}/oidc/logout`
-            };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await app.request('/logout', { method: 'POST' });
-            expect(res.status).toBe(302);
-            const location = res.headers.get('Location');
-            expect(location).toContain(`${config.issuer}/oidc/logout`);
-            expect(location).toContain(`client_id=${config.clientId}`);
-            expect(location).toContain(`post_logout_redirect_uri=${encodeURIComponent(config.baseUrl)}`);
-        });
-        it('with valid session cookie - deletes session from adapter, clears cookie, and adds id_token_hint', async () => {
-            auth.cache.cachedAS = null;
-            auth.cache.cacheExpiresAt = 0;
-            const sessionId = 'test-session-id';
-            const idToken = 'mock-id-token';
-            await adapter.set(sessionId, {
-                accessToken: 'test',
-                refreshToken: 'refresh',
-                idToken,
-                expiresAt: Math.floor(Date.now() / 1000) + 3600,
-                createdAt: Math.floor(Date.now() / 1000),
-                user: { sub: 'user-123' },
-            }, 3600);
-            const mockAs = {
-                issuer: config.issuer,
-                end_session_endpoint: `${config.issuer}/logout`
-            };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await app.request('/logout', {
-                method: 'POST',
-                headers: {
-                    Cookie: `__Host-session=${sessionId}`,
-                },
-            });
-            expect(res.status).toBe(302);
-            const location = res.headers.get('Location');
-            expect(location).toContain(`id_token_hint=${idToken}`);
-            // Check cookie cleared
-            const setCookie = res.headers.get('Set-Cookie');
-            expect(setCookie).toContain('__Host-session=;');
-            expect(setCookie).toContain('Max-Age=0');
-            // Check session deleted from adapter
-            expect(await adapter.get(sessionId)).toBeNull();
-        });
-        it('uses providerHints.logoutUrl and adds id_token_hint if session present', async () => {
-            const customConfig = { ...config, providerHints: { logoutUrl: 'https://test.auth0.com/v2/logout' } };
-            const customAuth = createBezzie(customConfig);
-            const customApp = customAuth.routes();
-            const sessionId = 'test-session-id';
-            const idToken = 'mock-id-token';
-            await adapter.set(sessionId, {
-                accessToken: 'test',
-                idToken,
-                expiresAt: Math.floor(Date.now() / 1000) + 3600,
-                createdAt: Math.floor(Date.now() / 1000),
-                user: { sub: 'user-123' },
-            }, 3600);
-            const mockAs = { issuer: customConfig.issuer };
-            vi.mocked(oauth.discoveryRequest).mockResolvedValue({});
-            vi.mocked(oauth.processDiscoveryResponse).mockResolvedValue(mockAs);
-            const res = await customApp.request('/logout', {
-                method: 'POST',
-                headers: {
-                    Cookie: `__Host-session=${sessionId}`,
-                },
-            });
-            expect(res.status).toBe(302);
-            const location = res.headers.get('Location');
-            expect(location).toContain('https://test.auth0.com/v2/logout');
-            expect(location).toContain(`client_id=${customConfig.clientId}`);
-            expect(location).toContain(`id_token_hint=${idToken}`);
-        });
-    });
-});
-//# sourceMappingURL=routes.test.js.map