covara 0.10.5 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -1
- package/dist/auth/index.d.ts +6 -0
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +3 -0
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/passport-bridge.d.ts +74 -0
- package/dist/auth/passport-bridge.d.ts.map +1 -0
- package/dist/auth/passport-bridge.js +147 -0
- package/dist/auth/passport-bridge.js.map +1 -0
- package/dist/auth/routes.d.ts +5 -1
- package/dist/auth/routes.d.ts.map +1 -1
- package/dist/auth/routes.js +77 -67
- package/dist/auth/routes.js.map +1 -1
- package/dist/auth/scope.d.ts.map +1 -1
- package/dist/auth/scope.js +5 -12
- package/dist/auth/scope.js.map +1 -1
- package/dist/auth/session.d.ts +71 -0
- package/dist/auth/session.d.ts.map +1 -0
- package/dist/auth/session.js +328 -0
- package/dist/auth/session.js.map +1 -0
- package/dist/auth/social.d.ts +34 -0
- package/dist/auth/social.d.ts.map +1 -0
- package/dist/auth/social.js +144 -0
- package/dist/auth/social.js.map +1 -0
- package/dist/cli/generate.js +1 -1
- package/dist/cli/templates/agents.d.ts.map +1 -1
- package/dist/cli/templates/agents.js +3 -0
- package/dist/cli/templates/agents.js.map +1 -1
- package/dist/cli/templates/frontend.d.ts +1 -1
- package/dist/cli/templates/frontend.d.ts.map +1 -1
- package/dist/cli/templates/frontend.js +4 -10
- package/dist/cli/templates/frontend.js.map +1 -1
- package/dist/cli/templates/index.d.ts +1 -1
- package/dist/cli/templates/index.d.ts.map +1 -1
- package/dist/cli/templates/index.js +3 -2
- package/dist/cli/templates/index.js.map +1 -1
- package/dist/cli/templates/source.d.ts +5 -4
- package/dist/cli/templates/source.d.ts.map +1 -1
- package/dist/cli/templates/source.js +48 -48
- package/dist/cli/templates/source.js.map +1 -1
- package/dist/client/index.d.ts +8 -0
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +41 -0
- package/dist/client/index.js.map +1 -1
- package/dist/client/live-store.d.ts.map +1 -1
- package/dist/client/live-store.js +25 -0
- package/dist/client/live-store.js.map +1 -1
- package/dist/client/react.d.ts +22 -0
- package/dist/client/react.d.ts.map +1 -1
- package/dist/client/react.js +64 -0
- package/dist/client/react.js.map +1 -1
- package/dist/client/types.d.ts +34 -0
- package/dist/client/types.d.ts.map +1 -1
- package/dist/index.d.ts +9 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/dist/index.js.map +1 -1
- package/dist/oidc/backends/federated.d.ts.map +1 -1
- package/dist/oidc/backends/federated.js +4 -15
- package/dist/oidc/backends/federated.js.map +1 -1
- package/dist/oidc/backends/index.d.ts +1 -0
- package/dist/oidc/backends/index.d.ts.map +1 -1
- package/dist/oidc/backends/index.js +1 -0
- package/dist/oidc/backends/index.js.map +1 -1
- package/dist/oidc/backends/passport.d.ts +16 -0
- package/dist/oidc/backends/passport.d.ts.map +1 -0
- package/dist/oidc/backends/passport.js +127 -0
- package/dist/oidc/backends/passport.js.map +1 -0
- package/dist/oidc/complete-login.d.ts +18 -0
- package/dist/oidc/complete-login.d.ts.map +1 -0
- package/dist/oidc/complete-login.js +99 -0
- package/dist/oidc/complete-login.js.map +1 -0
- package/dist/oidc/index.d.ts +2 -1
- package/dist/oidc/index.d.ts.map +1 -1
- package/dist/oidc/index.js +2 -1
- package/dist/oidc/index.js.map +1 -1
- package/dist/oidc/provider.d.ts.map +1 -1
- package/dist/oidc/provider.js +25 -3
- package/dist/oidc/provider.js.map +1 -1
- package/dist/oidc/types.d.ts +9 -3
- package/dist/oidc/types.d.ts.map +1 -1
- package/dist/oidc/types.js.map +1 -1
- package/dist/oidc/ui/login.d.ts.map +1 -1
- package/dist/oidc/ui/login.js +7 -54
- package/dist/oidc/ui/login.js.map +1 -1
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -76,7 +76,8 @@ function TodoList() {
|
|
|
76
76
|
- **OIDC Provider** - Built-in OpenID Connect server with PKCE, token revocation (RFC 7009) and introspection (RFC 7662)
|
|
77
77
|
- **OIDC Hardening** - Component-wise redirect-URI validation, PKCE-required public clients (plain rejected), federated id_token verification, endpoint rate limiting, KV-backed stores by default
|
|
78
78
|
- **Dynamic Client Registration & Consent Revocation** - Opt-in `POST /register`, plus `POST /consent/revoke` and consent TTL
|
|
79
|
-
- **Federated Login** - Google, Microsoft, Okta, Auth0, Keycloak, custom
|
|
79
|
+
- **Federated Login** - Google, Microsoft, Okta, Auth0, Keycloak, custom (OIDC); plus `backends.passport` to use any Passport.js OAuth2 strategy (GitHub, Discord, …) as an upstream under your own OIDC provider
|
|
80
|
+
- **Social Login** - Drop in any Passport.js OAuth2 strategy (GitHub, Discord, Google, …) via `fromPassport`; runs on Node *and* Workers, with one-call `loginWithSocial` / `signInWith` on the client
|
|
80
81
|
- **JWT Auth** - JWT bearer adapter on the server, `JWTClient` + `useJWTAuth` hook on the client with pluggable token storage (localStorage, memory, AsyncStorage)
|
|
81
82
|
- **Session Auth** - Auth.js, Passport.js, and session adapters with session rotation on login
|
|
82
83
|
- **Multi-Factor Auth** - Opt-in TOTP MFA with backup codes
|
package/dist/auth/index.d.ts
CHANGED
|
@@ -16,6 +16,12 @@ export { validatePasswordStrength, enforcePasswordStrength, builtInPasswordDenyl
|
|
|
16
16
|
export { createAuthAdapter, createSessionStore, type AuthMode, type AuthConfig, type AuthConfigUser, type SessionStoreConfig, } from "./config.js";
|
|
17
17
|
export { AuthJsAdapter, createAuthJsAdapter } from "./adapters/authjs.js";
|
|
18
18
|
export { PassportAdapter, createPassportAdapter, fromPassportUser } from "./adapters/passport.js";
|
|
19
|
+
export { fromPassport, installFetchTransport, runStrategy, normalizePassportProfile, } from "./passport-bridge.js";
|
|
20
|
+
export type { SocialProvider, SocialAccount, NormalizedProfile, FromPassportOptions, PassportStrategyLike, PassportRequest, PassportOutcome, } from "./passport-bridge.js";
|
|
21
|
+
export { createSocialRouter, createKvSocialStateStore, } from "./social.js";
|
|
22
|
+
export type { SocialAuthOptions, SocialStateStore } from "./social.js";
|
|
23
|
+
export { cookieSession, jwtSession, fromAuthAdapter } from "./session.js";
|
|
24
|
+
export type { SessionStrategy, SessionUser, IssuedSession, CookieSessionOptions, JwtSessionOptions, } from "./session.js";
|
|
19
25
|
export { JWTAdapter, createJWTAdapter } from "./adapters/jwt.js";
|
|
20
26
|
export type { JWTConfig, JWTAdapterOptions, JWTPayload, JWTUser } from "./adapters/jwt.js";
|
|
21
27
|
export { OIDCAdapter, createOIDCAdapter, oidcProviders } from "./adapters/oidc.js";
|
package/dist/auth/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,EACjB,KAAK,WAAW,GACjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,EACb,KAAK,oBAAoB,EACzB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,EACb,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,EACf,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,gBAAgB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,EACnB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,GAC5B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC9D,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChF,YAAY,EACV,kBAAkB,EAClB,kBAAkB,EAClB,YAAY,EACZ,WAAW,EACX,QAAQ,GACT,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC;AAClB,YAAY,EACV,qBAAqB,EACrB,wBAAwB,EACxB,0BAA0B,EAC1B,oBAAoB,GACrB,MAAM,UAAU,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,EACjB,KAAK,WAAW,GACjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,EACb,KAAK,oBAAoB,EACzB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,EACb,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,EACf,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,gBAAgB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,EACnB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,GAC5B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EACL,YAAY,EACZ,qBAAqB,EACrB,WAAW,EACX,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,eAAe,EACf,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,kBAAkB,EAClB,wBAAwB,GACzB,MAAM,UAAU,CAAC;AAClB,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACvE,YAAY,EACV,eAAe,EACf,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC9D,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChF,YAAY,EACV,kBAAkB,EAClB,kBAAkB,EAClB,YAAY,EACZ,WAAW,EACX,QAAQ,GACT,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC;AAClB,YAAY,EACV,qBAAqB,EACrB,wBAAwB,EACxB,0BAA0B,EAC1B,oBAAoB,GACrB,MAAM,UAAU,CAAC"}
|
package/dist/auth/index.js
CHANGED
|
@@ -16,6 +16,9 @@ export { validatePasswordStrength, enforcePasswordStrength, builtInPasswordDenyl
|
|
|
16
16
|
export { createAuthAdapter, createSessionStore, } from "./config.js";
|
|
17
17
|
export { AuthJsAdapter, createAuthJsAdapter } from "./adapters/authjs.js";
|
|
18
18
|
export { PassportAdapter, createPassportAdapter, fromPassportUser } from "./adapters/passport.js";
|
|
19
|
+
export { fromPassport, installFetchTransport, runStrategy, normalizePassportProfile, } from "./passport-bridge.js";
|
|
20
|
+
export { createSocialRouter, createKvSocialStateStore, } from "./social.js";
|
|
21
|
+
export { cookieSession, jwtSession, fromAuthAdapter } from "./session.js";
|
|
19
22
|
export { JWTAdapter, createJWTAdapter } from "./adapters/jwt.js";
|
|
20
23
|
export { OIDCAdapter, createOIDCAdapter, oidcProviders } from "./adapters/oidc.js";
|
|
21
24
|
export { KVSessionStore, createKVSessionStore, RedisSessionStore, createRedisSessionStore, DrizzleSessionStore, createDrizzleSessionStore, } from "./stores/index.js";
|
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,GAElB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,GAGd,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,GAGd,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,GAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,GAIjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAEtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,GAQpB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,GAGxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,GAKnB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAShF,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,GAElB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,GAGd,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,GAGd,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,GAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,GAIjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAEtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,GAQpB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,GAGxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,GAKnB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EACL,YAAY,EACZ,qBAAqB,EACrB,WAAW,EACX,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAU3B,OAAO,EACL,kBAAkB,EAClB,wBAAwB,GACzB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAQvE,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAShF,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC"}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
export interface PassportStrategyLike {
|
|
2
|
+
name?: string;
|
|
3
|
+
authenticate(req: PassportRequest, options?: Record<string, unknown>): void;
|
|
4
|
+
_oauth2?: OAuthLikeClient;
|
|
5
|
+
}
|
|
6
|
+
interface OAuthLikeClient {
|
|
7
|
+
_request?: OAuthRequestFn;
|
|
8
|
+
_customHeaders?: Record<string, string>;
|
|
9
|
+
_accessTokenName?: string;
|
|
10
|
+
__covaraFetchTransport?: boolean;
|
|
11
|
+
}
|
|
12
|
+
type OAuthRequestFn = (method: string, url: string, headers: Record<string, string> | null, postBody: string | Buffer | null, accessToken: string | null, callback: (error: unknown, result?: string, response?: {
|
|
13
|
+
statusCode: number;
|
|
14
|
+
headers?: Record<string, string>;
|
|
15
|
+
}) => void) => void;
|
|
16
|
+
export interface PassportRequest {
|
|
17
|
+
query: Record<string, unknown>;
|
|
18
|
+
body?: Record<string, unknown>;
|
|
19
|
+
headers: Record<string, string>;
|
|
20
|
+
session: Record<string, unknown>;
|
|
21
|
+
url: string;
|
|
22
|
+
method: string;
|
|
23
|
+
connection: Record<string, unknown>;
|
|
24
|
+
}
|
|
25
|
+
export type PassportOutcome = {
|
|
26
|
+
kind: "redirect";
|
|
27
|
+
url: string;
|
|
28
|
+
status?: number;
|
|
29
|
+
} | {
|
|
30
|
+
kind: "success";
|
|
31
|
+
user: unknown;
|
|
32
|
+
info?: unknown;
|
|
33
|
+
} | {
|
|
34
|
+
kind: "fail";
|
|
35
|
+
challenge?: unknown;
|
|
36
|
+
status?: number;
|
|
37
|
+
} | {
|
|
38
|
+
kind: "error";
|
|
39
|
+
error: Error;
|
|
40
|
+
} | {
|
|
41
|
+
kind: "pass";
|
|
42
|
+
};
|
|
43
|
+
export interface NormalizedProfile {
|
|
44
|
+
id?: string;
|
|
45
|
+
email?: string | null;
|
|
46
|
+
name?: string | null;
|
|
47
|
+
image?: string | null;
|
|
48
|
+
username?: string | null;
|
|
49
|
+
raw: unknown;
|
|
50
|
+
}
|
|
51
|
+
export interface SocialAccount {
|
|
52
|
+
provider: string;
|
|
53
|
+
providerAccountId: string;
|
|
54
|
+
raw: unknown;
|
|
55
|
+
profile: NormalizedProfile;
|
|
56
|
+
info?: unknown;
|
|
57
|
+
}
|
|
58
|
+
export interface SocialProvider {
|
|
59
|
+
name: string;
|
|
60
|
+
scope?: string | string[];
|
|
61
|
+
authenticate(req: PassportRequest): Promise<PassportOutcome>;
|
|
62
|
+
toAccount(user: unknown, info?: unknown): SocialAccount;
|
|
63
|
+
}
|
|
64
|
+
export interface FromPassportOptions {
|
|
65
|
+
name?: string;
|
|
66
|
+
scope?: string | string[];
|
|
67
|
+
mapProfile?: (raw: unknown) => NormalizedProfile;
|
|
68
|
+
}
|
|
69
|
+
export declare const installFetchTransport: (strategy: PassportStrategyLike) => void;
|
|
70
|
+
export declare const runStrategy: (strategy: PassportStrategyLike, req: PassportRequest, options?: Record<string, unknown>) => Promise<PassportOutcome>;
|
|
71
|
+
export declare const normalizePassportProfile: (raw: unknown) => NormalizedProfile;
|
|
72
|
+
export declare const fromPassport: (strategy: PassportStrategyLike, options?: FromPassportOptions) => SocialProvider;
|
|
73
|
+
export {};
|
|
74
|
+
//# sourceMappingURL=passport-bridge.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"passport-bridge.d.ts","sourceRoot":"","sources":["../../src/auth/passport-bridge.ts"],"names":[],"mappings":"AAgBA,MAAM,WAAW,oBAAoB;IACnC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE5E,OAAO,CAAC,EAAE,eAAe,CAAC;CAC3B;AAED,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,KAAK,cAAc,GAAG,CACpB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,EACtC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAChC,WAAW,EAAE,MAAM,GAAG,IAAI,EAC1B,QAAQ,EAAE,CACR,KAAK,EAAE,OAAO,EACd,MAAM,CAAC,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,KAChE,IAAI,KACN,IAAI,CAAC;AAEV,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,MAAM,eAAe,GACvB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACtD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAE,GAC/B;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,GAAG,EAAE,OAAO,CAAC;CACd;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IAGjB,iBAAiB,EAAE,MAAM,CAAC;IAK1B,GAAG,EAAE,OAAO,CAAC;IACb,OAAO,EAAE,iBAAiB,CAAC;IAC3B,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC7D,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,aAAa,CAAC;CACzD;AAED,MAAM,WAAW,mBAAmB;IAGlC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE1B,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,iBAAiB,CAAC;CAClD;AAGD,eAAO,MAAM,qBAAqB,GAAI,UAAU,oBAAoB,KAAG,IAwDtE,CAAC;AAGF,eAAO,MAAM,WAAW,GACtB,UAAU,oBAAoB,EAC9B,KAAK,eAAe,EACpB,UAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,KACpC,OAAO,CAAC,eAAe,CAyBtB,CAAC;AAOL,eAAO,MAAM,wBAAwB,GAAI,KAAK,OAAO,KAAG,iBAoCvD,CAAC;AAGF,eAAO,MAAM,YAAY,GACvB,UAAU,oBAAoB,EAC9B,UAAS,mBAAwB,KAChC,cA6BF,CAAC"}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
// Run arbitrary Passport.js strategies inside Covara — on Node *and* Workers.
|
|
2
|
+
//
|
|
3
|
+
// Passport strategies do not actually need Express: `Strategy.authenticate(req)`
|
|
4
|
+
// only reads `req.query` / `req.headers` / `req.session` / `req.body` and signals
|
|
5
|
+
// its result through `this.success / fail / redirect / error / pass` — methods that
|
|
6
|
+
// Passport core injects, not Express. We inject them ourselves and synthesize a
|
|
7
|
+
// minimal `req` from a Web request.
|
|
8
|
+
//
|
|
9
|
+
// The only Workers blocker is that OAuth2 strategies do their HTTP through the old
|
|
10
|
+
// `node-oauth` package (`node:https`). All of node-oauth's requests funnel through
|
|
11
|
+
// one method, `oauth2._request(...)`, so we swap that for `fetch` — after which the
|
|
12
|
+
// entire `passport-oauth2` family does token exchange + profile fetch over `fetch`,
|
|
13
|
+
// i.e. runtime-agnostic. No dependency on `passport` is added; users bring their own
|
|
14
|
+
// strategy packages (`passport-github2`, `passport-discord`, ...).
|
|
15
|
+
// Swap node-oauth's single HTTP seam for `fetch`. Idempotent per client.
|
|
16
|
+
export const installFetchTransport = (strategy) => {
|
|
17
|
+
const oauth2 = strategy._oauth2;
|
|
18
|
+
if (!oauth2 || oauth2.__covaraFetchTransport)
|
|
19
|
+
return;
|
|
20
|
+
oauth2.__covaraFetchTransport = true;
|
|
21
|
+
const request = function (method, url, headers, postBody, accessToken, callback) {
|
|
22
|
+
const realHeaders = {
|
|
23
|
+
...(this._customHeaders ?? {}),
|
|
24
|
+
...(headers ?? {}),
|
|
25
|
+
};
|
|
26
|
+
// fetch manages these; node-oauth would set them on the raw request.
|
|
27
|
+
delete realHeaders.Host;
|
|
28
|
+
delete realHeaders.host;
|
|
29
|
+
delete realHeaders["Content-Length"];
|
|
30
|
+
delete realHeaders["Content-length"];
|
|
31
|
+
if (!realHeaders["User-Agent"])
|
|
32
|
+
realHeaders["User-Agent"] = "covara";
|
|
33
|
+
let finalUrl = url;
|
|
34
|
+
if (accessToken && !("Authorization" in realHeaders)) {
|
|
35
|
+
const u = new URL(url);
|
|
36
|
+
u.searchParams.set(this._accessTokenName ?? "access_token", accessToken);
|
|
37
|
+
finalUrl = u.toString();
|
|
38
|
+
}
|
|
39
|
+
const init = { method, headers: realHeaders };
|
|
40
|
+
if (method !== "GET" && method !== "HEAD" && postBody != null) {
|
|
41
|
+
init.body = typeof postBody === "string" ? postBody : postBody.toString();
|
|
42
|
+
}
|
|
43
|
+
fetch(finalUrl, init)
|
|
44
|
+
.then(async (res) => {
|
|
45
|
+
const text = await res.text();
|
|
46
|
+
const ok = (res.status >= 200 && res.status <= 299) ||
|
|
47
|
+
res.status === 301 ||
|
|
48
|
+
res.status === 302;
|
|
49
|
+
const responseHeaders = {};
|
|
50
|
+
res.headers.forEach((value, key) => {
|
|
51
|
+
responseHeaders[key] = value;
|
|
52
|
+
});
|
|
53
|
+
const response = { statusCode: res.status, headers: responseHeaders };
|
|
54
|
+
if (ok)
|
|
55
|
+
callback(null, text, response);
|
|
56
|
+
else
|
|
57
|
+
callback({ statusCode: res.status, data: text }, undefined, response);
|
|
58
|
+
})
|
|
59
|
+
.catch((e) => callback(e instanceof Error ? e : new Error(String(e))));
|
|
60
|
+
};
|
|
61
|
+
oauth2._request = request;
|
|
62
|
+
};
|
|
63
|
+
// Drive a strategy's authenticate() once, capturing its delegate outcome.
|
|
64
|
+
export const runStrategy = (strategy, req, options = {}) => new Promise((resolve) => {
|
|
65
|
+
let settled = false;
|
|
66
|
+
const done = (outcome) => {
|
|
67
|
+
if (settled)
|
|
68
|
+
return;
|
|
69
|
+
settled = true;
|
|
70
|
+
resolve(outcome);
|
|
71
|
+
};
|
|
72
|
+
const inst = Object.create(strategy);
|
|
73
|
+
inst.success = (user, info) => done({ kind: "success", user, info });
|
|
74
|
+
inst.fail = (challenge, status) => done({ kind: "fail", challenge, status });
|
|
75
|
+
inst.redirect = (url, status) => done({ kind: "redirect", url, status });
|
|
76
|
+
inst.error = (error) => done({ kind: "error", error });
|
|
77
|
+
inst.pass = () => done({ kind: "pass" });
|
|
78
|
+
try {
|
|
79
|
+
inst.authenticate(req, options);
|
|
80
|
+
}
|
|
81
|
+
catch (e) {
|
|
82
|
+
done({ kind: "error", error: e instanceof Error ? e : new Error(String(e)) });
|
|
83
|
+
}
|
|
84
|
+
});
|
|
85
|
+
const asString = (value) => value == null ? undefined : String(value);
|
|
86
|
+
// Normalize a standard passport `Profile` (id/displayName/emails/photos/...) and
|
|
87
|
+
// the looser raw-object shapes commonly returned by OAuth providers.
|
|
88
|
+
export const normalizePassportProfile = (raw) => {
|
|
89
|
+
if (!raw || typeof raw !== "object")
|
|
90
|
+
return { raw };
|
|
91
|
+
const p = raw;
|
|
92
|
+
const emails = p.emails;
|
|
93
|
+
const photos = p.photos;
|
|
94
|
+
const nameObj = p.name;
|
|
95
|
+
const email = emails?.[0]?.value ?? p.email ?? null;
|
|
96
|
+
const image = photos?.[0]?.value ??
|
|
97
|
+
p.avatar_url ??
|
|
98
|
+
p.picture ??
|
|
99
|
+
null;
|
|
100
|
+
const composedName = p.displayName ??
|
|
101
|
+
(typeof p.name === "string" ? p.name : undefined) ??
|
|
102
|
+
(nameObj?.givenName
|
|
103
|
+
? `${nameObj.givenName} ${nameObj.familyName ?? ""}`.trim()
|
|
104
|
+
: undefined) ??
|
|
105
|
+
null;
|
|
106
|
+
return {
|
|
107
|
+
id: asString(p.id) ?? asString(p.sub) ?? asString(p.user_id),
|
|
108
|
+
email,
|
|
109
|
+
image,
|
|
110
|
+
name: composedName,
|
|
111
|
+
username: p.username ??
|
|
112
|
+
p.login ??
|
|
113
|
+
null,
|
|
114
|
+
raw,
|
|
115
|
+
};
|
|
116
|
+
};
|
|
117
|
+
// Adapt an instantiated Passport strategy into a Covara social provider.
|
|
118
|
+
export const fromPassport = (strategy, options = {}) => {
|
|
119
|
+
installFetchTransport(strategy);
|
|
120
|
+
const name = options.name ?? strategy.name;
|
|
121
|
+
if (!name || name === "oauth2") {
|
|
122
|
+
throw new Error("fromPassport: could not infer a provider name — pass `{ name }` " +
|
|
123
|
+
"(the strategy's default name is the generic 'oauth2').");
|
|
124
|
+
}
|
|
125
|
+
const mapProfile = options.mapProfile ?? normalizePassportProfile;
|
|
126
|
+
return {
|
|
127
|
+
name,
|
|
128
|
+
scope: options.scope,
|
|
129
|
+
async authenticate(req) {
|
|
130
|
+
const opts = {};
|
|
131
|
+
if (options.scope)
|
|
132
|
+
opts.scope = options.scope;
|
|
133
|
+
return runStrategy(strategy, req, opts);
|
|
134
|
+
},
|
|
135
|
+
toAccount(user, info) {
|
|
136
|
+
const profile = mapProfile(user);
|
|
137
|
+
return {
|
|
138
|
+
provider: name,
|
|
139
|
+
providerAccountId: profile.id ?? "",
|
|
140
|
+
raw: user,
|
|
141
|
+
profile,
|
|
142
|
+
info,
|
|
143
|
+
};
|
|
144
|
+
},
|
|
145
|
+
};
|
|
146
|
+
};
|
|
147
|
+
//# sourceMappingURL=passport-bridge.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"passport-bridge.js","sourceRoot":"","sources":["../../src/auth/passport-bridge.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,EAAE;AACF,iFAAiF;AACjF,kFAAkF;AAClF,oFAAoF;AACpF,gFAAgF;AAChF,oCAAoC;AACpC,EAAE;AACF,mFAAmF;AACnF,mFAAmF;AACnF,oFAAoF;AACpF,oFAAoF;AACpF,qFAAqF;AACrF,mEAAmE;AAsFnE,yEAAyE;AACzE,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,QAA8B,EAAQ,EAAE;IAC5E,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC;IAChC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,sBAAsB;QAAE,OAAO;IACrD,MAAM,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAErC,MAAM,OAAO,GAAmB,UAE9B,MAAM,EACN,GAAG,EACH,OAAO,EACP,QAAQ,EACR,WAAW,EACX,QAAQ;QAER,MAAM,WAAW,GAA2B;YAC1C,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC;YAC9B,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;SACnB,CAAC;QACF,qEAAqE;QACrE,OAAO,WAAW,CAAC,IAAI,CAAC;QACxB,OAAO,WAAW,CAAC,IAAI,CAAC;QACxB,OAAO,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACrC,OAAO,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;YAAE,WAAW,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC;QAErE,IAAI,QAAQ,GAAG,GAAG,CAAC;QACnB,IAAI,WAAW,IAAI,CAAC,CAAC,eAAe,IAAI,WAAW,CAAC,EAAE,CAAC;YACrD,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,cAAc,EAAE,WAAW,CAAC,CAAC;YACzE,QAAQ,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,GAAgB,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QAC3D,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;YAC9D,IAAI,CAAC,IAAI,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC5E,CAAC;QAED,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC;aAClB,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YAClB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,EAAE,GACN,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC;gBACxC,GAAG,CAAC,MAAM,KAAK,GAAG;gBAClB,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC;YACrB,MAAM,eAAe,GAA2B,EAAE,CAAC;YACnD,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACjC,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;YACtE,IAAI,EAAE;gBAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;;gBAClC,QAAQ,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7E,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,CAAC,CAAC;IAEF,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC;AAC5B,CAAC,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,QAA8B,EAC9B,GAAoB,EACpB,UAAmC,EAAE,EACX,EAAE,CAC5B,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;IACtB,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,OAAwB,EAAQ,EAAE;QAC9C,IAAI,OAAO;YAAE,OAAO;QACpB,OAAO,GAAG,IAAI,CAAC;QACf,OAAO,CAAC,OAAO,CAAC,CAAC;IACnB,CAAC,CAAC;IACF,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAMlC,CAAC;IACF,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACrE,IAAI,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7E,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,IAAI,CAAC,KAAK,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,MAAM,QAAQ,GAAG,CAAC,KAAc,EAAsB,EAAE,CACtD,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAE5C,iFAAiF;AACjF,qEAAqE;AACrE,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,GAAY,EAAqB,EAAE;IAC1E,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IACpD,MAAM,CAAC,GAAG,GAA8B,CAAC;IAEzC,MAAM,MAAM,GAAG,CAAC,CAAC,MAA+C,CAAC;IACjE,MAAM,MAAM,GAAG,CAAC,CAAC,MAA+C,CAAC;IACjE,MAAM,OAAO,GAAG,CAAC,CAAC,IAEL,CAAC;IAEd,MAAM,KAAK,GACT,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAK,CAAC,CAAC,KAA4B,IAAI,IAAI,CAAC;IAChE,MAAM,KAAK,GACT,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACjB,CAAC,CAAC,UAAiC;QACnC,CAAC,CAAC,OAA8B;QACjC,IAAI,CAAC;IACP,MAAM,YAAY,GACf,CAAC,CAAC,WAAkC;QACrC,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,IAAe,CAAC,CAAC,CAAC,SAAS,CAAC;QAC7D,CAAC,OAAO,EAAE,SAAS;YACjB,CAAC,CAAC,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE;YAC3D,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,CAAC;IAEP,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;QAC5D,KAAK;QACL,KAAK;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EACL,CAAC,CAAC,QAA+B;YACjC,CAAC,CAAC,KAA4B;YAC/B,IAAI;QACN,GAAG;KACJ,CAAC;AACJ,CAAC,CAAC;AAEF,yEAAyE;AACzE,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,QAA8B,EAC9B,UAA+B,EAAE,EACjB,EAAE;IAClB,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC3C,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,kEAAkE;YAChE,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,wBAAwB,CAAC;IAClE,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,KAAK,CAAC,YAAY,CAAC,GAAG;YACpB,MAAM,IAAI,GAA4B,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,KAAK;gBAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAC9C,OAAO,WAAW,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;QACD,SAAS,CAAC,IAAI,EAAE,IAAI;YAClB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,iBAAiB,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE;gBACnC,GAAG,EAAE,IAAI;gBACT,OAAO;gBACP,IAAI;aACL,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}
|
package/dist/auth/routes.d.ts
CHANGED
|
@@ -6,6 +6,8 @@ import { type CsrfOptions } from "./csrf.js";
|
|
|
6
6
|
import { VerificationTokenStore } from "./verification.js";
|
|
7
7
|
import { type TotpOptions } from "./totp.js";
|
|
8
8
|
import { type PasswordPolicyOptions } from "./password-policy.js";
|
|
9
|
+
import { type SocialAuthOptions } from "./social.js";
|
|
10
|
+
import { type SessionStrategy } from "./session.js";
|
|
9
11
|
export interface AuthUser {
|
|
10
12
|
id: string;
|
|
11
13
|
email?: string | null;
|
|
@@ -13,7 +15,8 @@ export interface AuthUser {
|
|
|
13
15
|
image?: string | null;
|
|
14
16
|
}
|
|
15
17
|
export interface UseAuthOptions {
|
|
16
|
-
|
|
18
|
+
session?: SessionStrategy;
|
|
19
|
+
adapter?: AuthAdapter;
|
|
17
20
|
cookieName?: string;
|
|
18
21
|
cookieOptions?: {
|
|
19
22
|
httpOnly?: boolean;
|
|
@@ -71,6 +74,7 @@ export interface UseAuthOptions {
|
|
|
71
74
|
passwordPolicy?: PasswordPolicyOptions;
|
|
72
75
|
mfa?: MfaOptions;
|
|
73
76
|
magicLink?: MagicLinkAuthOptions;
|
|
77
|
+
social?: SocialAuthOptions;
|
|
74
78
|
}
|
|
75
79
|
export interface MfaEnrollment {
|
|
76
80
|
secret: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/auth/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/auth/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAElE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAG/C,OAAO,EAAiB,KAAK,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAwC,KAAK,WAAW,EAAE,MAAM,QAAQ,CAAC;AAChF,OAAO,EACL,sBAAsB,EAGvB,MAAM,gBAAgB,CAAC;AAMxB,OAAO,EAML,KAAK,WAAW,EACjB,MAAM,QAAQ,CAAC;AAEhB,OAAO,EAEL,KAAK,qBAAqB,EAC3B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAsB,KAAK,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACtE,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,WAAW,CAAC;AAclE,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAI7B,OAAO,CAAC,EAAE,eAAe,CAAC;IAG1B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACrC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,KAAK,CAAC,EAAE;QACN,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;KACpF,CAAC;IACF,MAAM,CAAC,EAAE;QACP,UAAU,EAAE,CAAC,IAAI,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,IAAI,CAAC,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5F,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9D,gBAAgB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACrE,CAAC;IACF,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/D,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1E,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChE,IAAI,CAAC,EAAE,OAAO,GAAG,WAAW,CAAC;IAC7B,QAAQ,CAAC,EAAE,OAAO,GAAG,oBAAoB,CAAC;IAC1C,YAAY,CAAC,EAAE;QACb,KAAK,EAAE,sBAAsB,CAAC;QAC9B,SAAS,EAAE,CAAC,MAAM,EAAE;YAClB,UAAU,EAAE,MAAM,CAAC;YACnB,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,IAAI,CAAC;YAChB,CAAC,EAAE,OAAO,CAAC;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,YAAY,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,aAAa,CAAC,EAAE;QACd,KAAK,EAAE,sBAAsB,CAAC;QAC9B,SAAS,EAAE,CAAC,MAAM,EAAE;YAClB,UAAU,EAAE,MAAM,CAAC;YACnB,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,IAAI,CAAC;YAChB,CAAC,EAAE,OAAO,CAAC;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,aAAa,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAClF,eAAe,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC;YAAE,EAAE,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC,CAAC;QACzE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,gBAAgB,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,cAAc,CAAC,EAAE,qBAAqB,CAAC;IACvC,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,SAAS,CAAC,EAAE,oBAAoB,CAAC;IAIjC,MAAM,CAAC,EAAE,iBAAiB,CAAC;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,QAAQ,GAAG;QAAE,GAAG,CAAC,EAAE,aAAa,GAAG,IAAI,CAAA;KAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/F,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACjE,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpF,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClF,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7E;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,sBAAsB,CAAC;IAC9B,QAAQ,EAAE,CAAC,MAAM,EAAE;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,IAAI,CAAC;QAChB,CAAC,EAAE,OAAO,CAAC;KACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,eAAe,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,IAAI,CAAC;IACb,UAAU,EAAE,iBAAiB,CAAC;CAC/B;AAiCD,eAAO,MAAM,OAAO,GAAI,SAAS,cAAc,KAAG,gBA6fjD,CAAC;AAEF,eAAO,MAAM,gBAAgB,YA/fI,cAAc,KAAG,gBA+fX,CAAC"}
|
package/dist/auth/routes.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { Hono } from "hono";
|
|
2
|
-
import { setCookie, deleteCookie, getCookie } from "hono/cookie";
|
|
3
2
|
import { UnauthorizedError, ValidationError, RateLimitError } from "../resource/error.js";
|
|
4
3
|
import { readJsonBody, getClientIP } from "../server/request.js";
|
|
5
4
|
import { isProduction } from "../server/env.js";
|
|
@@ -10,6 +9,8 @@ import { issuePasswordResetToken, verifyPasswordResetToken, hashNewPassword, } f
|
|
|
10
9
|
import { generateTotpSecret, getTotpUri, verifyTotp, generateBackupCodes, verifyBackupCode, } from "./totp.js";
|
|
11
10
|
import { issueMagicLinkToken, consumeMagicLinkToken } from "./magic-link.js";
|
|
12
11
|
import { enforcePasswordStrength, } from "./password-policy.js";
|
|
12
|
+
import { createSocialRouter } from "./social.js";
|
|
13
|
+
import { fromAuthAdapter } from "./session.js";
|
|
13
14
|
// Request metadata stored in session.data so the admin UI can show where a
|
|
14
15
|
// session came from. Lives inside `data` because every session store already
|
|
15
16
|
// persists that field unchanged.
|
|
@@ -44,12 +45,21 @@ const toCookieOptions = (options) => ({
|
|
|
44
45
|
expires: options?.expires,
|
|
45
46
|
});
|
|
46
47
|
export const useAuth = (options) => {
|
|
47
|
-
const { adapter, cookieName = "session", cookieOptions = {}, login, signup, serializeUser = defaultSerializeUser, onLogin, onLogout, onSignup, csrf, throttle, verification, passwordReset, passwordPolicy, mfa, magicLink, } = options;
|
|
48
|
+
const { adapter, session: sessionOption, cookieName = "session", cookieOptions = {}, login, signup, serializeUser = defaultSerializeUser, onLogin, onLogout, onSignup, csrf, throttle, verification, passwordReset, passwordPolicy, mfa, magicLink, social, } = options;
|
|
48
49
|
const finalCookieOptions = {
|
|
49
50
|
...defaultCookieOptions,
|
|
50
51
|
secure: isProduction(),
|
|
51
52
|
...cookieOptions,
|
|
52
53
|
};
|
|
54
|
+
const strategy = sessionOption ??
|
|
55
|
+
(adapter
|
|
56
|
+
? fromAuthAdapter(adapter, {
|
|
57
|
+
name: cookieName,
|
|
58
|
+
options: toCookieOptions(finalCookieOptions),
|
|
59
|
+
})
|
|
60
|
+
: (() => {
|
|
61
|
+
throw new Error("useAuth requires a `session` strategy (cookieSession/jwtSession) or a legacy `adapter`.");
|
|
62
|
+
})());
|
|
53
63
|
const router = new Hono();
|
|
54
64
|
const csrfOptions = csrf
|
|
55
65
|
? typeof csrf === "object"
|
|
@@ -63,31 +73,34 @@ export const useAuth = (options) => {
|
|
|
63
73
|
const throttle$ = throttle
|
|
64
74
|
? new LoginThrottle(typeof throttle === "object" ? throttle : {})
|
|
65
75
|
: null;
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
76
|
+
// Mint a session/token via the configured strategy and assemble the JSON body.
|
|
77
|
+
// Returns null only if issuance fails, preserving the prior contract.
|
|
78
|
+
const issueLogin = async (c, userId) => {
|
|
79
|
+
try {
|
|
80
|
+
const issued = await strategy.issue(c, userId, sessionRequestMeta(c));
|
|
81
|
+
const body = { user: serializeUser(issued.user) };
|
|
82
|
+
if (issued.sessionId)
|
|
83
|
+
body.sessionId = issued.sessionId;
|
|
84
|
+
if (issued.accessToken) {
|
|
85
|
+
body.accessToken = issued.accessToken;
|
|
86
|
+
body.expiresIn = issued.expiresIn;
|
|
87
|
+
body.tokenType = "Bearer";
|
|
88
|
+
}
|
|
89
|
+
return { body, user: issued.user };
|
|
73
90
|
}
|
|
74
|
-
|
|
75
|
-
const authResult = await adapter.validateCredentials({
|
|
76
|
-
type: "session",
|
|
77
|
-
sessionId: session.id,
|
|
78
|
-
});
|
|
79
|
-
if (!authResult.success || !authResult.user) {
|
|
91
|
+
catch {
|
|
80
92
|
return null;
|
|
81
93
|
}
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
94
|
+
};
|
|
95
|
+
const completeLogin = async (c, userId) => {
|
|
96
|
+
const issued = await issueLogin(c, userId);
|
|
97
|
+
if (!issued)
|
|
98
|
+
return null;
|
|
86
99
|
if (csrfOptions) {
|
|
87
100
|
issueCsrfToken(c, csrfOptions);
|
|
88
101
|
}
|
|
89
|
-
await onLogin?.(
|
|
90
|
-
return
|
|
102
|
+
await onLogin?.(issued.user, c);
|
|
103
|
+
return issued.body;
|
|
91
104
|
};
|
|
92
105
|
const verifyMfaChallenge = async (enrollment, userId, code) => {
|
|
93
106
|
if (!mfa)
|
|
@@ -107,15 +120,10 @@ export const useAuth = (options) => {
|
|
|
107
120
|
};
|
|
108
121
|
const middleware = async (c, next) => {
|
|
109
122
|
try {
|
|
110
|
-
const
|
|
111
|
-
if (
|
|
112
|
-
|
|
113
|
-
}
|
|
114
|
-
const result = await adapter.validateCredentials(credentials);
|
|
115
|
-
if (!result.success || !result.user) {
|
|
116
|
-
return next();
|
|
123
|
+
const result = await strategy.authenticate(c);
|
|
124
|
+
if (result.success && result.user) {
|
|
125
|
+
c.set("user", result.user);
|
|
117
126
|
}
|
|
118
|
-
c.set("user", result.user);
|
|
119
127
|
return next();
|
|
120
128
|
}
|
|
121
129
|
catch {
|
|
@@ -124,16 +132,11 @@ export const useAuth = (options) => {
|
|
|
124
132
|
};
|
|
125
133
|
router.get("/me", async (c) => {
|
|
126
134
|
try {
|
|
127
|
-
const
|
|
128
|
-
if (!credentials) {
|
|
129
|
-
return c.json({ user: null });
|
|
130
|
-
}
|
|
131
|
-
const result = await adapter.validateCredentials(credentials);
|
|
135
|
+
const result = await strategy.authenticate(c);
|
|
132
136
|
if (!result.success || !result.user) {
|
|
133
137
|
return c.json({ user: null });
|
|
134
138
|
}
|
|
135
|
-
|
|
136
|
-
return c.json({ user: serialized, expiresAt: result.expiresAt });
|
|
139
|
+
return c.json({ user: serializeUser(result.user), expiresAt: result.expiresAt });
|
|
137
140
|
}
|
|
138
141
|
catch {
|
|
139
142
|
return c.json({ user: null });
|
|
@@ -207,40 +210,38 @@ export const useAuth = (options) => {
|
|
|
207
210
|
}
|
|
208
211
|
}
|
|
209
212
|
const user = await signup.createUser({ email, password, name });
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
setCookie(c, cookieName, session.id, toCookieOptions({
|
|
215
|
-
...finalCookieOptions,
|
|
216
|
-
expires: session.expiresAt,
|
|
217
|
-
}));
|
|
213
|
+
const issued = await issueLogin(c, user.id);
|
|
214
|
+
if (!issued) {
|
|
215
|
+
throw new UnauthorizedError("Failed to create session");
|
|
216
|
+
}
|
|
218
217
|
await onSignup?.(user, c);
|
|
219
|
-
|
|
218
|
+
// Preserve the original `user` shape; merge in any session/token artifacts.
|
|
219
|
+
const body = {
|
|
220
|
+
user: { id: user.id, email: user.email, name: user.name },
|
|
221
|
+
};
|
|
222
|
+
if (issued.body.sessionId)
|
|
223
|
+
body.sessionId = issued.body.sessionId;
|
|
224
|
+
if (issued.body.accessToken) {
|
|
225
|
+
body.accessToken = issued.body.accessToken;
|
|
226
|
+
body.expiresIn = issued.body.expiresIn;
|
|
227
|
+
body.tokenType = "Bearer";
|
|
228
|
+
}
|
|
229
|
+
return c.json(body);
|
|
220
230
|
});
|
|
221
231
|
}
|
|
222
232
|
router.post("/logout", async (c) => {
|
|
223
233
|
try {
|
|
224
|
-
const credentials = adapter.extractCredentials(c);
|
|
225
234
|
let user = null;
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
user = result.user;
|
|
230
|
-
}
|
|
231
|
-
const sessionToken = credentials.sessionId ?? credentials.token;
|
|
232
|
-
if (sessionToken) {
|
|
233
|
-
await adapter.invalidateSession(sessionToken);
|
|
234
|
-
}
|
|
235
|
+
const result = await strategy.authenticate(c);
|
|
236
|
+
if (result.success && result.user) {
|
|
237
|
+
user = result.user;
|
|
235
238
|
}
|
|
236
|
-
|
|
237
|
-
deleteCookie(c, "connect.sid");
|
|
238
|
-
deleteCookie(c, "session");
|
|
239
|
+
await strategy.logout(c);
|
|
239
240
|
await onLogout?.(user, c);
|
|
240
241
|
return c.json({ success: true });
|
|
241
242
|
}
|
|
242
243
|
catch {
|
|
243
|
-
|
|
244
|
+
await strategy.logout(c).catch(() => { });
|
|
244
245
|
return c.json({ success: true });
|
|
245
246
|
}
|
|
246
247
|
});
|
|
@@ -308,8 +309,8 @@ export const useAuth = (options) => {
|
|
|
308
309
|
await passwordReset.resetPassword(email, passwordHash);
|
|
309
310
|
if (passwordReset.logoutEverywhere && passwordReset.findUserByEmail) {
|
|
310
311
|
const user = await passwordReset.findUserByEmail(email);
|
|
311
|
-
if (user &&
|
|
312
|
-
await
|
|
312
|
+
if (user && strategy.invalidateUserSessions) {
|
|
313
|
+
await strategy.invalidateUserSessions(user.id);
|
|
313
314
|
}
|
|
314
315
|
}
|
|
315
316
|
return c.json({ success: true });
|
|
@@ -317,12 +318,9 @@ export const useAuth = (options) => {
|
|
|
317
318
|
}
|
|
318
319
|
if (mfa) {
|
|
319
320
|
const requireCurrentUser = async (c) => {
|
|
320
|
-
const
|
|
321
|
-
if (
|
|
322
|
-
|
|
323
|
-
if (result.success && result.user) {
|
|
324
|
-
return result.user;
|
|
325
|
-
}
|
|
321
|
+
const result = await strategy.authenticate(c);
|
|
322
|
+
if (result.success && result.user) {
|
|
323
|
+
return result.user;
|
|
326
324
|
}
|
|
327
325
|
throw new UnauthorizedError("Authentication required");
|
|
328
326
|
};
|
|
@@ -424,6 +422,18 @@ export const useAuth = (options) => {
|
|
|
424
422
|
return c.json(result);
|
|
425
423
|
});
|
|
426
424
|
}
|
|
425
|
+
if (social) {
|
|
426
|
+
const socialRouter = createSocialRouter(social, {
|
|
427
|
+
completeLogin,
|
|
428
|
+
cookieSecure: finalCookieOptions.secure,
|
|
429
|
+
cookiePath: finalCookieOptions.path,
|
|
430
|
+
});
|
|
431
|
+
router.route(social.basePath ?? "/social", socialRouter);
|
|
432
|
+
}
|
|
433
|
+
// Strategy-owned routes (e.g. JWT `/refresh`).
|
|
434
|
+
if (strategy.getRoutes) {
|
|
435
|
+
router.route("/", strategy.getRoutes());
|
|
436
|
+
}
|
|
427
437
|
return { router, middleware };
|
|
428
438
|
};
|
|
429
439
|
export const createAuthRoutes = useAuth;
|