bezzie 0.1.7 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +42 -18
- package/dist/adapters/types.d.ts +5 -0
- package/dist/adapters/types.d.ts.map +1 -1
- package/dist/routes.d.ts.map +1 -1
- package/dist/routes.js +26 -3
- package/dist/routes.js.map +1 -1
- package/package.json +12 -2
package/README.md
CHANGED
|
@@ -56,6 +56,14 @@ Done. Your app now has BCP212-compliant BFF auth.
|
|
|
56
56
|
|
|
57
57
|
---
|
|
58
58
|
|
|
59
|
+
## Demo
|
|
60
|
+
|
|
61
|
+
See the full BFF flow in action: [bezzie-demo.neilmason.dev](https://bezzie-demo.neilmason.dev)
|
|
62
|
+
|
|
63
|
+
Source: [github.com/neilpmas/bezzie-demo](https://github.com/neilpmas/bezzie-demo)
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
|
|
59
67
|
## Why
|
|
60
68
|
|
|
61
69
|
Most OAuth libraries hand tokens directly to the browser. BCP212 says you shouldn't — it's a significant attack surface. Bezzie keeps tokens server-side in Cloudflare KV and gives the browser a session cookie instead.
|
|
@@ -131,18 +139,44 @@ app.all('/api/proxy/*', async (c) => {
|
|
|
131
139
|
|
|
132
140
|
## How It Works
|
|
133
141
|
|
|
134
|
-
###
|
|
142
|
+
### System context
|
|
135
143
|
|
|
144
|
+
```mermaid
|
|
145
|
+
C4Context
|
|
146
|
+
title System Context — Bezzie
|
|
147
|
+
|
|
148
|
+
Person(user, "User", "Browser application user")
|
|
149
|
+
System(bezzie, "Cloudflare Worker (bezzie)", "BFF: owns the OAuth flow, issues session cookies to the browser")
|
|
150
|
+
System_Ext(idp, "Identity Provider", "Auth0 / Okta / Keycloak / Google — issues tokens")
|
|
151
|
+
System_Ext(upstream, "Upstream API", "Your backend — trusts Bearer tokens forwarded by the Worker")
|
|
152
|
+
|
|
153
|
+
Rel(user, bezzie, "HTTPS requests + session cookie")
|
|
154
|
+
Rel(bezzie, idp, "OIDC discovery, token exchange, token refresh")
|
|
155
|
+
Rel(bezzie, upstream, "Proxied requests with Authorization: Bearer")
|
|
156
|
+
Rel(idp, user, "Redirect back after login")
|
|
136
157
|
```
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
158
|
+
|
|
159
|
+
### Containers
|
|
160
|
+
|
|
161
|
+
```mermaid
|
|
162
|
+
C4Container
|
|
163
|
+
title Container — bezzie deployment
|
|
164
|
+
|
|
165
|
+
Person(user, "User")
|
|
166
|
+
Container(spa, "React SPA", "Cloudflare Pages", "Public landing page + protected dashboard")
|
|
167
|
+
Container(worker, "Cloudflare Worker", "Hono + bezzie", "BFF: auth routes + request middleware + token management")
|
|
168
|
+
ContainerDb(kv, "Cloudflare KV", "KVNamespace", "Stores sessions and PKCE state")
|
|
169
|
+
System_Ext(idp, "Identity Provider", "Auth0 / Okta / Keycloak")
|
|
170
|
+
System_Ext(upstream, "Upstream API", "Backend services")
|
|
171
|
+
|
|
172
|
+
Rel(user, spa, "HTTPS")
|
|
173
|
+
Rel(spa, worker, "API calls + __Host-session cookie")
|
|
174
|
+
Rel(worker, kv, "Session read / write / delete")
|
|
175
|
+
Rel(worker, idp, "OIDC discovery + token exchange + token refresh + JWKS")
|
|
176
|
+
Rel(worker, upstream, "Authorization: Bearer {accessToken}")
|
|
143
177
|
```
|
|
144
178
|
|
|
145
|
-
### Per-
|
|
179
|
+
### Per-request flow
|
|
146
180
|
|
|
147
181
|
1. Browser sends request to BFF with session cookie
|
|
148
182
|
2. BFF looks up session in KV, retrieves access token
|
|
@@ -150,16 +184,6 @@ Browser → BFF /auth/login → Auth0 (Authorization Code + PKCE)
|
|
|
150
184
|
4. If expired, BFF uses refresh token to get a new one and updates KV
|
|
151
185
|
5. BFF forwards request upstream with `Authorization: Bearer <token>`
|
|
152
186
|
|
|
153
|
-
### Session Storage
|
|
154
|
-
|
|
155
|
-
Sessions are stored in Cloudflare KV:
|
|
156
|
-
|
|
157
|
-
```
|
|
158
|
-
sessionId → { accessToken, refreshToken, expiresAt, user }
|
|
159
|
-
```
|
|
160
|
-
|
|
161
|
-
KV TTL is aligned with the refresh token lifetime. When the refresh token expires, the user must log in again.
|
|
162
|
-
|
|
163
187
|
---
|
|
164
188
|
|
|
165
189
|
## Adapters
|
package/dist/adapters/types.d.ts
CHANGED
|
@@ -15,6 +15,11 @@ export interface PKCEState {
|
|
|
15
15
|
* URL to redirect to after successful authentication.
|
|
16
16
|
*/
|
|
17
17
|
returnTo?: string;
|
|
18
|
+
/**
|
|
19
|
+
* CSRF token bound to the user's browser session via the `__Host-pkce-csrf` cookie.
|
|
20
|
+
* Used to prevent login-CSRF attacks (S4).
|
|
21
|
+
*/
|
|
22
|
+
csrfToken: string;
|
|
18
23
|
}
|
|
19
24
|
/**
|
|
20
25
|
* Interface for session storage adapters.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEpC;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC7F;;;;;OAKG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,GAAG,IAAI,CAAC,CAAA;IAElE;;;;;;OAMG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE9F;;;;OAIG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACzC"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEpC;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IACpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC7F;;;;;OAKG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,GAAG,IAAI,CAAC,CAAA;IAElE;;;;;;OAMG;IACH,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE9F;;;;OAIG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACzC"}
|
package/dist/routes.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AAEzE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,
|
|
1
|
+
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AAEzE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,8EA+MtB"}
|
package/dist/routes.js
CHANGED
|
@@ -9,9 +9,19 @@ export function authRoutes(config, cache) {
|
|
|
9
9
|
const code_verifier = oauth.generateRandomCodeVerifier();
|
|
10
10
|
const code_challenge = await oauth.calculatePKCECodeChallenge(code_verifier);
|
|
11
11
|
const state = oauth.generateRandomState();
|
|
12
|
+
const csrfToken = oauth.generateRandomState();
|
|
12
13
|
const returnTo = c.req.query('returnTo');
|
|
13
|
-
// Store state and
|
|
14
|
-
await config.adapter.set(`pkce:${state}`, { _type: 'pkce', codeVerifier: code_verifier, returnTo }, config.pkceStateTtlSeconds ?? 600); // 10 minutes
|
|
14
|
+
// Store state, codeVerifier and csrfToken in adapter
|
|
15
|
+
await config.adapter.set(`pkce:${state}`, { _type: 'pkce', codeVerifier: code_verifier, returnTo, csrfToken }, config.pkceStateTtlSeconds ?? 600); // 10 minutes
|
|
16
|
+
// Bind the PKCE state to the user's browser session via a short-lived cookie
|
|
17
|
+
// to prevent login-CSRF (S4).
|
|
18
|
+
setCookie(c, '__Host-pkce-csrf', csrfToken, {
|
|
19
|
+
httpOnly: true,
|
|
20
|
+
secure: true,
|
|
21
|
+
sameSite: 'Strict',
|
|
22
|
+
path: '/',
|
|
23
|
+
maxAge: 600,
|
|
24
|
+
});
|
|
15
25
|
const as = await getAuthorizationServer(config, cache);
|
|
16
26
|
if (!as.authorization_endpoint) {
|
|
17
27
|
return c.text('Missing authorization_endpoint', 500);
|
|
@@ -48,8 +58,21 @@ export function authRoutes(config, cache) {
|
|
|
48
58
|
if (!stored) {
|
|
49
59
|
return c.text('Invalid or expired state', 400);
|
|
50
60
|
}
|
|
51
|
-
const { codeVerifier, returnTo } = stored;
|
|
61
|
+
const { codeVerifier, returnTo, csrfToken: storedCsrfToken } = stored;
|
|
62
|
+
// Login-CSRF protection (S4): the cookie set at /login must match the
|
|
63
|
+
// csrfToken stored alongside the PKCE state in KV.
|
|
64
|
+
const cookieCsrfToken = getCookie(c, '__Host-pkce-csrf');
|
|
65
|
+
if (!cookieCsrfToken || !storedCsrfToken || cookieCsrfToken !== storedCsrfToken) {
|
|
66
|
+
return c.text('Invalid CSRF token', 400);
|
|
67
|
+
}
|
|
52
68
|
await config.adapter.delete(`pkce:${state}`);
|
|
69
|
+
// Clear the CSRF cookie now that it has served its purpose.
|
|
70
|
+
deleteCookie(c, '__Host-pkce-csrf', {
|
|
71
|
+
path: '/',
|
|
72
|
+
secure: true,
|
|
73
|
+
httpOnly: true,
|
|
74
|
+
sameSite: 'Strict',
|
|
75
|
+
});
|
|
53
76
|
const as = await getAuthorizationServer(config, cache);
|
|
54
77
|
const client = { client_id: config.clientId };
|
|
55
78
|
const clientAuth = oauth.ClientSecretPost(config.clientSecret);
|
package/dist/routes.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAChE,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAA;AAIzE,MAAM,UAAU,UAAU,CACxB,MAA2B,EAC3B,KAAqB;IAErB,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAA;IACzB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,0BAA0B,EAAE,CAAA;QACxD,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAA;QAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAA;
|
|
1
|
+
{"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAChE,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAA;AAIzE,MAAM,UAAU,UAAU,CACxB,MAA2B,EAC3B,KAAqB;IAErB,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAA;IACzB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,aAAa,GAAG,KAAK,CAAC,0BAA0B,EAAE,CAAA;QACxD,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAA;QAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAA;QACzC,MAAM,SAAS,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAA;QAE7C,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QAExC,qDAAqD;QACrD,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAe,EAAE,MAAM,CAAC,mBAAmB,IAAI,GAAG,CAAC,CAAA,CAAC,aAAa;QAE5K,6EAA6E;QAC7E,8BAA8B;QAC9B,SAAS,CAAC,CAAC,EAAE,kBAAkB,EAAE,SAAS,EAAE;YAC1C,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,GAAG;SACZ,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QACtD,IAAI,CAAC,EAAE,CAAC,sBAAsB,EAAE,CAAC;YAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,sBAAsB,CAAC,CAAA;QAC3D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC/D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAA;QAC1D,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAA;QACpF,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACzH,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACjD,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;QACnE,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAA;QAClE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,gBAAgB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAA;IAChD,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,cAAc,GAA2B;gBAC7C,aAAa,EAAE,oBAAoB;gBACnC,uBAAuB,EAAE,4DAA4D;gBACrF,YAAY,EAAE,uCAAuC;aACtD,CAAA;YACD,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,wBAAwB,EAAE,GAAG,CAAC,CAAA;QACvE,CAAC;QACD,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAEhC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,EAAE,CAAc,CAAA;QACrE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,IAAI,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAA;QAChD,CAAC;QACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,MAAM,CAAA;QAErE,sEAAsE;QACtE,mDAAmD;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAA;QACxD,IAAI,CAAC,eAAe,IAAI,CAAC,eAAe,IAAI,eAAe,KAAK,eAAe,EAAE,CAAC;YAChF,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAA;QAC1C,CAAC;QAED,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,KAAK,EAAE,CAAC,CAAA;QAE5C,4DAA4D;QAC5D,YAAY,CAAC,CAAC,EAAE,kBAAkB,EAAE;YAClC,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAEtD,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAA;QAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;QAE9D,MAAM,cAAc,GAAG,KAAK,CAAC,oBAAoB,CAC/C,EAAE,EACF,MAAM,EACN,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,YAAY,EAC/B,KAAK,CAAC,cAAc,CACrB,CAAA;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6BAA6B,CACxD,EAAE,EACF,MAAM,EACN,UAAU,EACV,cAAc,EACd,GAAG,MAAM,CAAC,OAAO,gBAAgB,EACjC,YAAY,CACb,CAAA;QAED,IAAI,MAAmC,CAAA;QACvC,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,KAAK,CAAC,gCAAgC,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;QAC7E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,KAAK,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;YACvC,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;QACpE,MAAM,MAAM,GAAG,KAAK,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAA;QAEtD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,EAAE,GAAG,CAAC,CAAA;QACvE,CAAC;QAED,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,2HAA2H,CAAC,CAAA;QAC3I,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;aACrE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;QACX,MAAM,OAAO,GAAmB;YAC9B,KAAK,EAAE,SAAS;YAChB,WAAW,EAAE,YAAY;YACzB,YAAY,EAAE,aAAa;YAC3B,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC;YAC/D,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,IAAI,EAAE;gBACJ,GAAG,MAAM;gBACT,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,KAAK,EAAE,MAAM,CAAC,KAA2B;aACY;SACxD,CAAA;QAED,0DAA0D;QAC1D,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAEzF,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,EAAE,SAAS,EAAE;YAC7D,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,kCAAkC;SAC1F,CAAC,CAAA;QAEF,IAAI,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACvE,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAC7B,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,CAAC,CAAA;QACrE,IAAI,OAA2B,CAAA;QAC/B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;YACjD,IAAI,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC3C,OAAO,GAAI,OAA0B,CAAC,OAAO,CAAA;YAC/C,CAAC;YACD,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACtC,CAAC;QAED,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,EAAE;YACrD,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAEtD,IAAI,SAAc,CAAA;QAClB,IAAI,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,CAAC;YACpC,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACnD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;YACxD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,CAAC,oBAAoB,EAAE,CAAC;YACnC,SAAS,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAA;YAC5C,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAA;YACxD,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,0BAA0B,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;YACtE,IAAI,OAAO,EAAE,CAAC;gBACZ,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,qDAAqD;YACrD,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAED,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,13 +1,23 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "bezzie",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.2.2",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"sideEffects": false,
|
|
6
6
|
"engines": {
|
|
7
7
|
"node": ">=18"
|
|
8
8
|
},
|
|
9
9
|
"description": "BFF OAuth 2.0 auth library for Cloudflare Workers",
|
|
10
|
-
"keywords": [
|
|
10
|
+
"keywords": [
|
|
11
|
+
"hono",
|
|
12
|
+
"cloudflare-workers",
|
|
13
|
+
"oauth",
|
|
14
|
+
"oidc",
|
|
15
|
+
"auth",
|
|
16
|
+
"bff",
|
|
17
|
+
"session",
|
|
18
|
+
"jwt",
|
|
19
|
+
"pkce"
|
|
20
|
+
],
|
|
11
21
|
"main": "dist/index.js",
|
|
12
22
|
"types": "dist/index.d.ts",
|
|
13
23
|
"exports": {
|