covara 0.10.5 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (89) hide show
  1. package/README.md +2 -1
  2. package/dist/auth/index.d.ts +6 -0
  3. package/dist/auth/index.d.ts.map +1 -1
  4. package/dist/auth/index.js +3 -0
  5. package/dist/auth/index.js.map +1 -1
  6. package/dist/auth/passport-bridge.d.ts +74 -0
  7. package/dist/auth/passport-bridge.d.ts.map +1 -0
  8. package/dist/auth/passport-bridge.js +147 -0
  9. package/dist/auth/passport-bridge.js.map +1 -0
  10. package/dist/auth/routes.d.ts +5 -1
  11. package/dist/auth/routes.d.ts.map +1 -1
  12. package/dist/auth/routes.js +77 -67
  13. package/dist/auth/routes.js.map +1 -1
  14. package/dist/auth/rsql.d.ts.map +1 -1
  15. package/dist/auth/rsql.js +3 -0
  16. package/dist/auth/rsql.js.map +1 -1
  17. package/dist/auth/scope.d.ts.map +1 -1
  18. package/dist/auth/scope.js +5 -12
  19. package/dist/auth/scope.js.map +1 -1
  20. package/dist/auth/session.d.ts +71 -0
  21. package/dist/auth/session.d.ts.map +1 -0
  22. package/dist/auth/session.js +328 -0
  23. package/dist/auth/session.js.map +1 -0
  24. package/dist/auth/social.d.ts +34 -0
  25. package/dist/auth/social.d.ts.map +1 -0
  26. package/dist/auth/social.js +144 -0
  27. package/dist/auth/social.js.map +1 -0
  28. package/dist/cli/generate.js +1 -1
  29. package/dist/cli/templates/agents.d.ts.map +1 -1
  30. package/dist/cli/templates/agents.js +3 -0
  31. package/dist/cli/templates/agents.js.map +1 -1
  32. package/dist/cli/templates/frontend.d.ts +1 -1
  33. package/dist/cli/templates/frontend.d.ts.map +1 -1
  34. package/dist/cli/templates/frontend.js +4 -10
  35. package/dist/cli/templates/frontend.js.map +1 -1
  36. package/dist/cli/templates/index.d.ts +1 -1
  37. package/dist/cli/templates/index.d.ts.map +1 -1
  38. package/dist/cli/templates/index.js +3 -2
  39. package/dist/cli/templates/index.js.map +1 -1
  40. package/dist/cli/templates/source.d.ts +5 -4
  41. package/dist/cli/templates/source.d.ts.map +1 -1
  42. package/dist/cli/templates/source.js +48 -48
  43. package/dist/cli/templates/source.js.map +1 -1
  44. package/dist/client/index.d.ts +8 -0
  45. package/dist/client/index.d.ts.map +1 -1
  46. package/dist/client/index.js +41 -0
  47. package/dist/client/index.js.map +1 -1
  48. package/dist/client/live-store.d.ts.map +1 -1
  49. package/dist/client/live-store.js +25 -0
  50. package/dist/client/live-store.js.map +1 -1
  51. package/dist/client/react.d.ts +22 -0
  52. package/dist/client/react.d.ts.map +1 -1
  53. package/dist/client/react.js +64 -0
  54. package/dist/client/react.js.map +1 -1
  55. package/dist/client/types.d.ts +34 -0
  56. package/dist/client/types.d.ts.map +1 -1
  57. package/dist/index.d.ts +9 -2
  58. package/dist/index.d.ts.map +1 -1
  59. package/dist/index.js +5 -1
  60. package/dist/index.js.map +1 -1
  61. package/dist/oidc/backends/federated.d.ts.map +1 -1
  62. package/dist/oidc/backends/federated.js +4 -15
  63. package/dist/oidc/backends/federated.js.map +1 -1
  64. package/dist/oidc/backends/index.d.ts +1 -0
  65. package/dist/oidc/backends/index.d.ts.map +1 -1
  66. package/dist/oidc/backends/index.js +1 -0
  67. package/dist/oidc/backends/index.js.map +1 -1
  68. package/dist/oidc/backends/passport.d.ts +16 -0
  69. package/dist/oidc/backends/passport.d.ts.map +1 -0
  70. package/dist/oidc/backends/passport.js +127 -0
  71. package/dist/oidc/backends/passport.js.map +1 -0
  72. package/dist/oidc/complete-login.d.ts +18 -0
  73. package/dist/oidc/complete-login.d.ts.map +1 -0
  74. package/dist/oidc/complete-login.js +99 -0
  75. package/dist/oidc/complete-login.js.map +1 -0
  76. package/dist/oidc/index.d.ts +2 -1
  77. package/dist/oidc/index.d.ts.map +1 -1
  78. package/dist/oidc/index.js +2 -1
  79. package/dist/oidc/index.js.map +1 -1
  80. package/dist/oidc/provider.d.ts.map +1 -1
  81. package/dist/oidc/provider.js +25 -3
  82. package/dist/oidc/provider.js.map +1 -1
  83. package/dist/oidc/types.d.ts +9 -3
  84. package/dist/oidc/types.d.ts.map +1 -1
  85. package/dist/oidc/types.js.map +1 -1
  86. package/dist/oidc/ui/login.d.ts.map +1 -1
  87. package/dist/oidc/ui/login.js +7 -54
  88. package/dist/oidc/ui/login.js.map +1 -1
  89. package/package.json +3 -2
package/README.md CHANGED
@@ -76,7 +76,8 @@ function TodoList() {
76
76
  - **OIDC Provider** - Built-in OpenID Connect server with PKCE, token revocation (RFC 7009) and introspection (RFC 7662)
77
77
  - **OIDC Hardening** - Component-wise redirect-URI validation, PKCE-required public clients (plain rejected), federated id_token verification, endpoint rate limiting, KV-backed stores by default
78
78
  - **Dynamic Client Registration & Consent Revocation** - Opt-in `POST /register`, plus `POST /consent/revoke` and consent TTL
79
- - **Federated Login** - Google, Microsoft, Okta, Auth0, Keycloak, custom
79
+ - **Federated Login** - Google, Microsoft, Okta, Auth0, Keycloak, custom (OIDC); plus `backends.passport` to use any Passport.js OAuth2 strategy (GitHub, Discord, …) as an upstream under your own OIDC provider
80
+ - **Social Login** - Drop in any Passport.js OAuth2 strategy (GitHub, Discord, Google, …) via `fromPassport`; runs on Node *and* Workers, with one-call `loginWithSocial` / `signInWith` on the client
80
81
  - **JWT Auth** - JWT bearer adapter on the server, `JWTClient` + `useJWTAuth` hook on the client with pluggable token storage (localStorage, memory, AsyncStorage)
81
82
  - **Session Auth** - Auth.js, Passport.js, and session adapters with session rotation on login
82
83
  - **Multi-Factor Auth** - Opt-in TOTP MFA with backup codes
@@ -16,6 +16,12 @@ export { validatePasswordStrength, enforcePasswordStrength, builtInPasswordDenyl
16
16
  export { createAuthAdapter, createSessionStore, type AuthMode, type AuthConfig, type AuthConfigUser, type SessionStoreConfig, } from "./config.js";
17
17
  export { AuthJsAdapter, createAuthJsAdapter } from "./adapters/authjs.js";
18
18
  export { PassportAdapter, createPassportAdapter, fromPassportUser } from "./adapters/passport.js";
19
+ export { fromPassport, installFetchTransport, runStrategy, normalizePassportProfile, } from "./passport-bridge.js";
20
+ export type { SocialProvider, SocialAccount, NormalizedProfile, FromPassportOptions, PassportStrategyLike, PassportRequest, PassportOutcome, } from "./passport-bridge.js";
21
+ export { createSocialRouter, createKvSocialStateStore, } from "./social.js";
22
+ export type { SocialAuthOptions, SocialStateStore } from "./social.js";
23
+ export { cookieSession, jwtSession, fromAuthAdapter } from "./session.js";
24
+ export type { SessionStrategy, SessionUser, IssuedSession, CookieSessionOptions, JwtSessionOptions, } from "./session.js";
19
25
  export { JWTAdapter, createJWTAdapter } from "./adapters/jwt.js";
20
26
  export type { JWTConfig, JWTAdapterOptions, JWTPayload, JWTUser } from "./adapters/jwt.js";
21
27
  export { OIDCAdapter, createOIDCAdapter, oidcProviders } from "./adapters/oidc.js";
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,EACjB,KAAK,WAAW,GACjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,EACb,KAAK,oBAAoB,EACzB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,EACb,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,EACf,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,gBAAgB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,EACnB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,GAC5B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC9D,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChF,YAAY,EACV,kBAAkB,EAClB,kBAAkB,EAClB,YAAY,EACZ,WAAW,EACX,QAAQ,GACT,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC;AAClB,YAAY,EACV,qBAAqB,EACrB,wBAAwB,EACxB,0BAA0B,EAC1B,oBAAoB,GACrB,MAAM,UAAU,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,EACjB,KAAK,WAAW,GACjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,EACb,KAAK,oBAAoB,EACzB,KAAK,aAAa,GACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,EACb,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,EACf,KAAK,oBAAoB,GAC1B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,gBAAgB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,EACnB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,GAC5B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EACL,YAAY,EACZ,qBAAqB,EACrB,WAAW,EACX,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,mBAAmB,EACnB,oBAAoB,EACpB,eAAe,EACf,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,kBAAkB,EAClB,wBAAwB,GACzB,MAAM,UAAU,CAAC;AAClB,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACvE,YAAY,EACV,eAAe,EACf,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC9D,YAAY,EAAE,SAAS,EAAE,iBAAiB,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACxF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChF,YAAY,EACV,kBAAkB,EAClB,kBAAkB,EAClB,YAAY,EACZ,WAAW,EACX,QAAQ,GACT,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC;AAClB,YAAY,EACV,qBAAqB,EACrB,wBAAwB,EACxB,0BAA0B,EAC1B,oBAAoB,GACrB,MAAM,UAAU,CAAC"}
@@ -16,6 +16,9 @@ export { validatePasswordStrength, enforcePasswordStrength, builtInPasswordDenyl
16
16
  export { createAuthAdapter, createSessionStore, } from "./config.js";
17
17
  export { AuthJsAdapter, createAuthJsAdapter } from "./adapters/authjs.js";
18
18
  export { PassportAdapter, createPassportAdapter, fromPassportUser } from "./adapters/passport.js";
19
+ export { fromPassport, installFetchTransport, runStrategy, normalizePassportProfile, } from "./passport-bridge.js";
20
+ export { createSocialRouter, createKvSocialStateStore, } from "./social.js";
21
+ export { cookieSession, jwtSession, fromAuthAdapter } from "./session.js";
19
22
  export { JWTAdapter, createJWTAdapter } from "./adapters/jwt.js";
20
23
  export { OIDCAdapter, createOIDCAdapter, oidcProviders } from "./adapters/oidc.js";
21
24
  export { KVSessionStore, createKVSessionStore, RedisSessionStore, createRedisSessionStore, DrizzleSessionStore, createDrizzleSessionStore, } from "./stores/index.js";
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,GAElB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,GAGd,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,GAGd,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,GAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,GAIjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAEtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,GAQpB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,GAGxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,GAKnB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAShF,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,iBAAiB,GAElB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,aAAa,GAGd,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,8BAA8B,EAC9B,UAAU,EACV,WAAW,EACX,SAAS,EACT,aAAa,GAGd,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,GAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,UAAU,EACV,mBAAmB,EACnB,gBAAgB,GAIjB,MAAM,QAAQ,CAAC;AAChB,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAEtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,mBAAmB,GAQpB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,GAGxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,GAKnB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC/F,OAAO,EACL,YAAY,EACZ,qBAAqB,EACrB,WAAW,EACX,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAU3B,OAAO,EACL,kBAAkB,EAClB,wBAAwB,GACzB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAQvE,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAShF,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,UAAU,CAAC"}
@@ -0,0 +1,74 @@
1
+ export interface PassportStrategyLike {
2
+ name?: string;
3
+ authenticate(req: PassportRequest, options?: Record<string, unknown>): void;
4
+ _oauth2?: OAuthLikeClient;
5
+ }
6
+ interface OAuthLikeClient {
7
+ _request?: OAuthRequestFn;
8
+ _customHeaders?: Record<string, string>;
9
+ _accessTokenName?: string;
10
+ __covaraFetchTransport?: boolean;
11
+ }
12
+ type OAuthRequestFn = (method: string, url: string, headers: Record<string, string> | null, postBody: string | Buffer | null, accessToken: string | null, callback: (error: unknown, result?: string, response?: {
13
+ statusCode: number;
14
+ headers?: Record<string, string>;
15
+ }) => void) => void;
16
+ export interface PassportRequest {
17
+ query: Record<string, unknown>;
18
+ body?: Record<string, unknown>;
19
+ headers: Record<string, string>;
20
+ session: Record<string, unknown>;
21
+ url: string;
22
+ method: string;
23
+ connection: Record<string, unknown>;
24
+ }
25
+ export type PassportOutcome = {
26
+ kind: "redirect";
27
+ url: string;
28
+ status?: number;
29
+ } | {
30
+ kind: "success";
31
+ user: unknown;
32
+ info?: unknown;
33
+ } | {
34
+ kind: "fail";
35
+ challenge?: unknown;
36
+ status?: number;
37
+ } | {
38
+ kind: "error";
39
+ error: Error;
40
+ } | {
41
+ kind: "pass";
42
+ };
43
+ export interface NormalizedProfile {
44
+ id?: string;
45
+ email?: string | null;
46
+ name?: string | null;
47
+ image?: string | null;
48
+ username?: string | null;
49
+ raw: unknown;
50
+ }
51
+ export interface SocialAccount {
52
+ provider: string;
53
+ providerAccountId: string;
54
+ raw: unknown;
55
+ profile: NormalizedProfile;
56
+ info?: unknown;
57
+ }
58
+ export interface SocialProvider {
59
+ name: string;
60
+ scope?: string | string[];
61
+ authenticate(req: PassportRequest): Promise<PassportOutcome>;
62
+ toAccount(user: unknown, info?: unknown): SocialAccount;
63
+ }
64
+ export interface FromPassportOptions {
65
+ name?: string;
66
+ scope?: string | string[];
67
+ mapProfile?: (raw: unknown) => NormalizedProfile;
68
+ }
69
+ export declare const installFetchTransport: (strategy: PassportStrategyLike) => void;
70
+ export declare const runStrategy: (strategy: PassportStrategyLike, req: PassportRequest, options?: Record<string, unknown>) => Promise<PassportOutcome>;
71
+ export declare const normalizePassportProfile: (raw: unknown) => NormalizedProfile;
72
+ export declare const fromPassport: (strategy: PassportStrategyLike, options?: FromPassportOptions) => SocialProvider;
73
+ export {};
74
+ //# sourceMappingURL=passport-bridge.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"passport-bridge.d.ts","sourceRoot":"","sources":["../../src/auth/passport-bridge.ts"],"names":[],"mappings":"AAgBA,MAAM,WAAW,oBAAoB;IACnC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE5E,OAAO,CAAC,EAAE,eAAe,CAAC;CAC3B;AAED,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,KAAK,cAAc,GAAG,CACpB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,EACtC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAChC,WAAW,EAAE,MAAM,GAAG,IAAI,EAC1B,QAAQ,EAAE,CACR,KAAK,EAAE,OAAO,EACd,MAAM,CAAC,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,KAChE,IAAI,KACN,IAAI,CAAC;AAEV,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,MAAM,eAAe,GACvB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACtD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAE,GAC/B;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,GAAG,EAAE,OAAO,CAAC;CACd;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IAGjB,iBAAiB,EAAE,MAAM,CAAC;IAK1B,GAAG,EAAE,OAAO,CAAC;IACb,OAAO,EAAE,iBAAiB,CAAC;IAC3B,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC7D,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,aAAa,CAAC;CACzD;AAED,MAAM,WAAW,mBAAmB;IAGlC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE1B,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,iBAAiB,CAAC;CAClD;AAGD,eAAO,MAAM,qBAAqB,GAAI,UAAU,oBAAoB,KAAG,IAwDtE,CAAC;AAGF,eAAO,MAAM,WAAW,GACtB,UAAU,oBAAoB,EAC9B,KAAK,eAAe,EACpB,UAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,KACpC,OAAO,CAAC,eAAe,CAyBtB,CAAC;AAOL,eAAO,MAAM,wBAAwB,GAAI,KAAK,OAAO,KAAG,iBAoCvD,CAAC;AAGF,eAAO,MAAM,YAAY,GACvB,UAAU,oBAAoB,EAC9B,UAAS,mBAAwB,KAChC,cA6BF,CAAC"}
@@ -0,0 +1,147 @@
1
+ // Run arbitrary Passport.js strategies inside Covara — on Node *and* Workers.
2
+ //
3
+ // Passport strategies do not actually need Express: `Strategy.authenticate(req)`
4
+ // only reads `req.query` / `req.headers` / `req.session` / `req.body` and signals
5
+ // its result through `this.success / fail / redirect / error / pass` — methods that
6
+ // Passport core injects, not Express. We inject them ourselves and synthesize a
7
+ // minimal `req` from a Web request.
8
+ //
9
+ // The only Workers blocker is that OAuth2 strategies do their HTTP through the old
10
+ // `node-oauth` package (`node:https`). All of node-oauth's requests funnel through
11
+ // one method, `oauth2._request(...)`, so we swap that for `fetch` — after which the
12
+ // entire `passport-oauth2` family does token exchange + profile fetch over `fetch`,
13
+ // i.e. runtime-agnostic. No dependency on `passport` is added; users bring their own
14
+ // strategy packages (`passport-github2`, `passport-discord`, ...).
15
+ // Swap node-oauth's single HTTP seam for `fetch`. Idempotent per client.
16
+ export const installFetchTransport = (strategy) => {
17
+ const oauth2 = strategy._oauth2;
18
+ if (!oauth2 || oauth2.__covaraFetchTransport)
19
+ return;
20
+ oauth2.__covaraFetchTransport = true;
21
+ const request = function (method, url, headers, postBody, accessToken, callback) {
22
+ const realHeaders = {
23
+ ...(this._customHeaders ?? {}),
24
+ ...(headers ?? {}),
25
+ };
26
+ // fetch manages these; node-oauth would set them on the raw request.
27
+ delete realHeaders.Host;
28
+ delete realHeaders.host;
29
+ delete realHeaders["Content-Length"];
30
+ delete realHeaders["Content-length"];
31
+ if (!realHeaders["User-Agent"])
32
+ realHeaders["User-Agent"] = "covara";
33
+ let finalUrl = url;
34
+ if (accessToken && !("Authorization" in realHeaders)) {
35
+ const u = new URL(url);
36
+ u.searchParams.set(this._accessTokenName ?? "access_token", accessToken);
37
+ finalUrl = u.toString();
38
+ }
39
+ const init = { method, headers: realHeaders };
40
+ if (method !== "GET" && method !== "HEAD" && postBody != null) {
41
+ init.body = typeof postBody === "string" ? postBody : postBody.toString();
42
+ }
43
+ fetch(finalUrl, init)
44
+ .then(async (res) => {
45
+ const text = await res.text();
46
+ const ok = (res.status >= 200 && res.status <= 299) ||
47
+ res.status === 301 ||
48
+ res.status === 302;
49
+ const responseHeaders = {};
50
+ res.headers.forEach((value, key) => {
51
+ responseHeaders[key] = value;
52
+ });
53
+ const response = { statusCode: res.status, headers: responseHeaders };
54
+ if (ok)
55
+ callback(null, text, response);
56
+ else
57
+ callback({ statusCode: res.status, data: text }, undefined, response);
58
+ })
59
+ .catch((e) => callback(e instanceof Error ? e : new Error(String(e))));
60
+ };
61
+ oauth2._request = request;
62
+ };
63
+ // Drive a strategy's authenticate() once, capturing its delegate outcome.
64
+ export const runStrategy = (strategy, req, options = {}) => new Promise((resolve) => {
65
+ let settled = false;
66
+ const done = (outcome) => {
67
+ if (settled)
68
+ return;
69
+ settled = true;
70
+ resolve(outcome);
71
+ };
72
+ const inst = Object.create(strategy);
73
+ inst.success = (user, info) => done({ kind: "success", user, info });
74
+ inst.fail = (challenge, status) => done({ kind: "fail", challenge, status });
75
+ inst.redirect = (url, status) => done({ kind: "redirect", url, status });
76
+ inst.error = (error) => done({ kind: "error", error });
77
+ inst.pass = () => done({ kind: "pass" });
78
+ try {
79
+ inst.authenticate(req, options);
80
+ }
81
+ catch (e) {
82
+ done({ kind: "error", error: e instanceof Error ? e : new Error(String(e)) });
83
+ }
84
+ });
85
+ const asString = (value) => value == null ? undefined : String(value);
86
+ // Normalize a standard passport `Profile` (id/displayName/emails/photos/...) and
87
+ // the looser raw-object shapes commonly returned by OAuth providers.
88
+ export const normalizePassportProfile = (raw) => {
89
+ if (!raw || typeof raw !== "object")
90
+ return { raw };
91
+ const p = raw;
92
+ const emails = p.emails;
93
+ const photos = p.photos;
94
+ const nameObj = p.name;
95
+ const email = emails?.[0]?.value ?? p.email ?? null;
96
+ const image = photos?.[0]?.value ??
97
+ p.avatar_url ??
98
+ p.picture ??
99
+ null;
100
+ const composedName = p.displayName ??
101
+ (typeof p.name === "string" ? p.name : undefined) ??
102
+ (nameObj?.givenName
103
+ ? `${nameObj.givenName} ${nameObj.familyName ?? ""}`.trim()
104
+ : undefined) ??
105
+ null;
106
+ return {
107
+ id: asString(p.id) ?? asString(p.sub) ?? asString(p.user_id),
108
+ email,
109
+ image,
110
+ name: composedName,
111
+ username: p.username ??
112
+ p.login ??
113
+ null,
114
+ raw,
115
+ };
116
+ };
117
+ // Adapt an instantiated Passport strategy into a Covara social provider.
118
+ export const fromPassport = (strategy, options = {}) => {
119
+ installFetchTransport(strategy);
120
+ const name = options.name ?? strategy.name;
121
+ if (!name || name === "oauth2") {
122
+ throw new Error("fromPassport: could not infer a provider name — pass `{ name }` " +
123
+ "(the strategy's default name is the generic 'oauth2').");
124
+ }
125
+ const mapProfile = options.mapProfile ?? normalizePassportProfile;
126
+ return {
127
+ name,
128
+ scope: options.scope,
129
+ async authenticate(req) {
130
+ const opts = {};
131
+ if (options.scope)
132
+ opts.scope = options.scope;
133
+ return runStrategy(strategy, req, opts);
134
+ },
135
+ toAccount(user, info) {
136
+ const profile = mapProfile(user);
137
+ return {
138
+ provider: name,
139
+ providerAccountId: profile.id ?? "",
140
+ raw: user,
141
+ profile,
142
+ info,
143
+ };
144
+ },
145
+ };
146
+ };
147
+ //# sourceMappingURL=passport-bridge.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"passport-bridge.js","sourceRoot":"","sources":["../../src/auth/passport-bridge.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,EAAE;AACF,iFAAiF;AACjF,kFAAkF;AAClF,oFAAoF;AACpF,gFAAgF;AAChF,oCAAoC;AACpC,EAAE;AACF,mFAAmF;AACnF,mFAAmF;AACnF,oFAAoF;AACpF,oFAAoF;AACpF,qFAAqF;AACrF,mEAAmE;AAsFnE,yEAAyE;AACzE,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,QAA8B,EAAQ,EAAE;IAC5E,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC;IAChC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,sBAAsB;QAAE,OAAO;IACrD,MAAM,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAErC,MAAM,OAAO,GAAmB,UAE9B,MAAM,EACN,GAAG,EACH,OAAO,EACP,QAAQ,EACR,WAAW,EACX,QAAQ;QAER,MAAM,WAAW,GAA2B;YAC1C,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC;YAC9B,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;SACnB,CAAC;QACF,qEAAqE;QACrE,OAAO,WAAW,CAAC,IAAI,CAAC;QACxB,OAAO,WAAW,CAAC,IAAI,CAAC;QACxB,OAAO,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACrC,OAAO,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;YAAE,WAAW,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC;QAErE,IAAI,QAAQ,GAAG,GAAG,CAAC;QACnB,IAAI,WAAW,IAAI,CAAC,CAAC,eAAe,IAAI,WAAW,CAAC,EAAE,CAAC;YACrD,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,cAAc,EAAE,WAAW,CAAC,CAAC;YACzE,QAAQ,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,GAAgB,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QAC3D,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;YAC9D,IAAI,CAAC,IAAI,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC5E,CAAC;QAED,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC;aAClB,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YAClB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,EAAE,GACN,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC;gBACxC,GAAG,CAAC,MAAM,KAAK,GAAG;gBAClB,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC;YACrB,MAAM,eAAe,GAA2B,EAAE,CAAC;YACnD,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACjC,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;YACtE,IAAI,EAAE;gBAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;;gBAClC,QAAQ,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7E,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,CAAC,CAAC;IAEF,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC;AAC5B,CAAC,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,QAA8B,EAC9B,GAAoB,EACpB,UAAmC,EAAE,EACX,EAAE,CAC5B,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;IACtB,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,OAAwB,EAAQ,EAAE;QAC9C,IAAI,OAAO;YAAE,OAAO;QACpB,OAAO,GAAG,IAAI,CAAC;QACf,OAAO,CAAC,OAAO,CAAC,CAAC;IACnB,CAAC,CAAC;IACF,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAMlC,CAAC;IACF,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACrE,IAAI,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7E,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,IAAI,CAAC,KAAK,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzC,IAAI,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,MAAM,QAAQ,GAAG,CAAC,KAAc,EAAsB,EAAE,CACtD,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAE5C,iFAAiF;AACjF,qEAAqE;AACrE,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,GAAY,EAAqB,EAAE;IAC1E,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IACpD,MAAM,CAAC,GAAG,GAA8B,CAAC;IAEzC,MAAM,MAAM,GAAG,CAAC,CAAC,MAA+C,CAAC;IACjE,MAAM,MAAM,GAAG,CAAC,CAAC,MAA+C,CAAC;IACjE,MAAM,OAAO,GAAG,CAAC,CAAC,IAEL,CAAC;IAEd,MAAM,KAAK,GACT,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAK,CAAC,CAAC,KAA4B,IAAI,IAAI,CAAC;IAChE,MAAM,KAAK,GACT,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;QACjB,CAAC,CAAC,UAAiC;QACnC,CAAC,CAAC,OAA8B;QACjC,IAAI,CAAC;IACP,MAAM,YAAY,GACf,CAAC,CAAC,WAAkC;QACrC,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,IAAe,CAAC,CAAC,CAAC,SAAS,CAAC;QAC7D,CAAC,OAAO,EAAE,SAAS;YACjB,CAAC,CAAC,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE;YAC3D,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,CAAC;IAEP,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;QAC5D,KAAK;QACL,KAAK;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EACL,CAAC,CAAC,QAA+B;YACjC,CAAC,CAAC,KAA4B;YAC/B,IAAI;QACN,GAAG;KACJ,CAAC;AACJ,CAAC,CAAC;AAEF,yEAAyE;AACzE,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,QAA8B,EAC9B,UAA+B,EAAE,EACjB,EAAE;IAClB,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC3C,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,kEAAkE;YAChE,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,wBAAwB,CAAC;IAClE,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,KAAK,CAAC,YAAY,CAAC,GAAG;YACpB,MAAM,IAAI,GAA4B,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,KAAK;gBAAE,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAC9C,OAAO,WAAW,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;QACD,SAAS,CAAC,IAAI,EAAE,IAAI;YAClB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,iBAAiB,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE;gBACnC,GAAG,EAAE,IAAI;gBACT,OAAO;gBACP,IAAI;aACL,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}
@@ -6,6 +6,8 @@ import { type CsrfOptions } from "./csrf.js";
6
6
  import { VerificationTokenStore } from "./verification.js";
7
7
  import { type TotpOptions } from "./totp.js";
8
8
  import { type PasswordPolicyOptions } from "./password-policy.js";
9
+ import { type SocialAuthOptions } from "./social.js";
10
+ import { type SessionStrategy } from "./session.js";
9
11
  export interface AuthUser {
10
12
  id: string;
11
13
  email?: string | null;
@@ -13,7 +15,8 @@ export interface AuthUser {
13
15
  image?: string | null;
14
16
  }
15
17
  export interface UseAuthOptions {
16
- adapter: AuthAdapter;
18
+ session?: SessionStrategy;
19
+ adapter?: AuthAdapter;
17
20
  cookieName?: string;
18
21
  cookieOptions?: {
19
22
  httpOnly?: boolean;
@@ -71,6 +74,7 @@ export interface UseAuthOptions {
71
74
  passwordPolicy?: PasswordPolicyOptions;
72
75
  mfa?: MfaOptions;
73
76
  magicLink?: MagicLinkAuthOptions;
77
+ social?: SocialAuthOptions;
74
78
  }
75
79
  export interface MfaEnrollment {
76
80
  secret: string;
@@ -1 +1 @@
1
- {"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/auth/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAGlE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAG/C,OAAO,EAAiB,KAAK,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAwC,KAAK,WAAW,EAAE,MAAM,QAAQ,CAAC;AAChF,OAAO,EACL,sBAAsB,EAGvB,MAAM,gBAAgB,CAAC;AAMxB,OAAO,EAML,KAAK,WAAW,EACjB,MAAM,QAAQ,CAAC;AAEhB,OAAO,EAEL,KAAK,qBAAqB,EAC3B,MAAM,mBAAmB,CAAC;AAc3B,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,WAAW,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACrC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,KAAK,CAAC,EAAE;QACN,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;KACpF,CAAC;IACF,MAAM,CAAC,EAAE;QACP,UAAU,EAAE,CAAC,IAAI,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,IAAI,CAAC,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5F,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9D,gBAAgB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACrE,CAAC;IACF,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/D,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1E,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChE,IAAI,CAAC,EAAE,OAAO,GAAG,WAAW,CAAC;IAC7B,QAAQ,CAAC,EAAE,OAAO,GAAG,oBAAoB,CAAC;IAC1C,YAAY,CAAC,EAAE;QACb,KAAK,EAAE,sBAAsB,CAAC;QAC9B,SAAS,EAAE,CAAC,MAAM,EAAE;YAClB,UAAU,EAAE,MAAM,CAAC;YACnB,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,IAAI,CAAC;YAChB,CAAC,EAAE,OAAO,CAAC;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,YAAY,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,aAAa,CAAC,EAAE;QACd,KAAK,EAAE,sBAAsB,CAAC;QAC9B,SAAS,EAAE,CAAC,MAAM,EAAE;YAClB,UAAU,EAAE,MAAM,CAAC;YACnB,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,IAAI,CAAC;YAChB,CAAC,EAAE,OAAO,CAAC;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,aAAa,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAClF,eAAe,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC;YAAE,EAAE,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC,CAAC;QACzE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,gBAAgB,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,cAAc,CAAC,EAAE,qBAAqB,CAAC;IACvC,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,SAAS,CAAC,EAAE,oBAAoB,CAAC;CAClC;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,QAAQ,GAAG;QAAE,GAAG,CAAC,EAAE,aAAa,GAAG,IAAI,CAAA;KAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/F,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACjE,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpF,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClF,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7E;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,sBAAsB,CAAC;IAC9B,QAAQ,EAAE,CAAC,MAAM,EAAE;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,IAAI,CAAC;QAChB,CAAC,EAAE,OAAO,CAAC;KACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,eAAe,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,IAAI,CAAC;IACb,UAAU,EAAE,iBAAiB,CAAC;CAC/B;AAiCD,eAAO,MAAM,OAAO,GAAI,SAAS,cAAc,KAAG,gBAyfjD,CAAC;AAEF,eAAO,MAAM,gBAAgB,YA3fI,cAAc,KAAG,gBA2fX,CAAC"}
1
+ {"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/auth/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAElE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAG/C,OAAO,EAAiB,KAAK,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC5E,OAAO,EAAwC,KAAK,WAAW,EAAE,MAAM,QAAQ,CAAC;AAChF,OAAO,EACL,sBAAsB,EAGvB,MAAM,gBAAgB,CAAC;AAMxB,OAAO,EAML,KAAK,WAAW,EACjB,MAAM,QAAQ,CAAC;AAEhB,OAAO,EAEL,KAAK,qBAAqB,EAC3B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAsB,KAAK,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACtE,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,WAAW,CAAC;AAclE,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAI7B,OAAO,CAAC,EAAE,eAAe,CAAC;IAG1B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACrC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,KAAK,CAAC,EAAE;QACN,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;KACpF,CAAC;IACF,MAAM,CAAC,EAAE;QACP,UAAU,EAAE,CAAC,IAAI,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,IAAI,CAAC,EAAE,MAAM,CAAA;SAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5F,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9D,gBAAgB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACrE,CAAC;IACF,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/D,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1E,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChE,IAAI,CAAC,EAAE,OAAO,GAAG,WAAW,CAAC;IAC7B,QAAQ,CAAC,EAAE,OAAO,GAAG,oBAAoB,CAAC;IAC1C,YAAY,CAAC,EAAE;QACb,KAAK,EAAE,sBAAsB,CAAC;QAC9B,SAAS,EAAE,CAAC,MAAM,EAAE;YAClB,UAAU,EAAE,MAAM,CAAC;YACnB,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,IAAI,CAAC;YAChB,CAAC,EAAE,OAAO,CAAC;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,YAAY,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,aAAa,CAAC,EAAE;QACd,KAAK,EAAE,sBAAsB,CAAC;QAC9B,SAAS,EAAE,CAAC,MAAM,EAAE;YAClB,UAAU,EAAE,MAAM,CAAC;YACnB,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,IAAI,CAAC;YAChB,CAAC,EAAE,OAAO,CAAC;SACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,aAAa,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAClF,eAAe,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC;YAAE,EAAE,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC,CAAC;QACzE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,gBAAgB,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,cAAc,CAAC,EAAE,qBAAqB,CAAC;IACvC,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,SAAS,CAAC,EAAE,oBAAoB,CAAC;IAIjC,MAAM,CAAC,EAAE,iBAAiB,CAAC;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,QAAQ,GAAG;QAAE,GAAG,CAAC,EAAE,aAAa,GAAG,IAAI,CAAA;KAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/F,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACjE,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpF,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClF,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7E;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,sBAAsB,CAAC;IAC9B,QAAQ,EAAE,CAAC,MAAM,EAAE;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,EAAE,IAAI,CAAC;QAChB,CAAC,EAAE,OAAO,CAAC;KACZ,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,eAAe,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,IAAI,CAAC;IACb,UAAU,EAAE,iBAAiB,CAAC;CAC/B;AAiCD,eAAO,MAAM,OAAO,GAAI,SAAS,cAAc,KAAG,gBA6fjD,CAAC;AAEF,eAAO,MAAM,gBAAgB,YA/fI,cAAc,KAAG,gBA+fX,CAAC"}
@@ -1,5 +1,4 @@
1
1
  import { Hono } from "hono";
2
- import { setCookie, deleteCookie, getCookie } from "hono/cookie";
3
2
  import { UnauthorizedError, ValidationError, RateLimitError } from "../resource/error.js";
4
3
  import { readJsonBody, getClientIP } from "../server/request.js";
5
4
  import { isProduction } from "../server/env.js";
@@ -10,6 +9,8 @@ import { issuePasswordResetToken, verifyPasswordResetToken, hashNewPassword, } f
10
9
  import { generateTotpSecret, getTotpUri, verifyTotp, generateBackupCodes, verifyBackupCode, } from "./totp.js";
11
10
  import { issueMagicLinkToken, consumeMagicLinkToken } from "./magic-link.js";
12
11
  import { enforcePasswordStrength, } from "./password-policy.js";
12
+ import { createSocialRouter } from "./social.js";
13
+ import { fromAuthAdapter } from "./session.js";
13
14
  // Request metadata stored in session.data so the admin UI can show where a
14
15
  // session came from. Lives inside `data` because every session store already
15
16
  // persists that field unchanged.
@@ -44,12 +45,21 @@ const toCookieOptions = (options) => ({
44
45
  expires: options?.expires,
45
46
  });
46
47
  export const useAuth = (options) => {
47
- const { adapter, cookieName = "session", cookieOptions = {}, login, signup, serializeUser = defaultSerializeUser, onLogin, onLogout, onSignup, csrf, throttle, verification, passwordReset, passwordPolicy, mfa, magicLink, } = options;
48
+ const { adapter, session: sessionOption, cookieName = "session", cookieOptions = {}, login, signup, serializeUser = defaultSerializeUser, onLogin, onLogout, onSignup, csrf, throttle, verification, passwordReset, passwordPolicy, mfa, magicLink, social, } = options;
48
49
  const finalCookieOptions = {
49
50
  ...defaultCookieOptions,
50
51
  secure: isProduction(),
51
52
  ...cookieOptions,
52
53
  };
54
+ const strategy = sessionOption ??
55
+ (adapter
56
+ ? fromAuthAdapter(adapter, {
57
+ name: cookieName,
58
+ options: toCookieOptions(finalCookieOptions),
59
+ })
60
+ : (() => {
61
+ throw new Error("useAuth requires a `session` strategy (cookieSession/jwtSession) or a legacy `adapter`.");
62
+ })());
53
63
  const router = new Hono();
54
64
  const csrfOptions = csrf
55
65
  ? typeof csrf === "object"
@@ -63,31 +73,34 @@ export const useAuth = (options) => {
63
73
  const throttle$ = throttle
64
74
  ? new LoginThrottle(typeof throttle === "object" ? throttle : {})
65
75
  : null;
66
- const completeLogin = async (c, userId) => {
67
- if (!adapter.createSession) {
68
- throw new Error("Adapter does not support session creation");
69
- }
70
- const priorSessionId = getCookie(c, cookieName);
71
- if (priorSessionId) {
72
- await adapter.invalidateSession(priorSessionId);
76
+ // Mint a session/token via the configured strategy and assemble the JSON body.
77
+ // Returns null only if issuance fails, preserving the prior contract.
78
+ const issueLogin = async (c, userId) => {
79
+ try {
80
+ const issued = await strategy.issue(c, userId, sessionRequestMeta(c));
81
+ const body = { user: serializeUser(issued.user) };
82
+ if (issued.sessionId)
83
+ body.sessionId = issued.sessionId;
84
+ if (issued.accessToken) {
85
+ body.accessToken = issued.accessToken;
86
+ body.expiresIn = issued.expiresIn;
87
+ body.tokenType = "Bearer";
88
+ }
89
+ return { body, user: issued.user };
73
90
  }
74
- const session = await adapter.createSession(userId, sessionRequestMeta(c));
75
- const authResult = await adapter.validateCredentials({
76
- type: "session",
77
- sessionId: session.id,
78
- });
79
- if (!authResult.success || !authResult.user) {
91
+ catch {
80
92
  return null;
81
93
  }
82
- setCookie(c, cookieName, session.id, toCookieOptions({
83
- ...finalCookieOptions,
84
- expires: session.expiresAt,
85
- }));
94
+ };
95
+ const completeLogin = async (c, userId) => {
96
+ const issued = await issueLogin(c, userId);
97
+ if (!issued)
98
+ return null;
86
99
  if (csrfOptions) {
87
100
  issueCsrfToken(c, csrfOptions);
88
101
  }
89
- await onLogin?.(authResult.user, c);
90
- return { user: serializeUser(authResult.user), sessionId: session.id };
102
+ await onLogin?.(issued.user, c);
103
+ return issued.body;
91
104
  };
92
105
  const verifyMfaChallenge = async (enrollment, userId, code) => {
93
106
  if (!mfa)
@@ -107,15 +120,10 @@ export const useAuth = (options) => {
107
120
  };
108
121
  const middleware = async (c, next) => {
109
122
  try {
110
- const credentials = adapter.extractCredentials(c);
111
- if (!credentials) {
112
- return next();
113
- }
114
- const result = await adapter.validateCredentials(credentials);
115
- if (!result.success || !result.user) {
116
- return next();
123
+ const result = await strategy.authenticate(c);
124
+ if (result.success && result.user) {
125
+ c.set("user", result.user);
117
126
  }
118
- c.set("user", result.user);
119
127
  return next();
120
128
  }
121
129
  catch {
@@ -124,16 +132,11 @@ export const useAuth = (options) => {
124
132
  };
125
133
  router.get("/me", async (c) => {
126
134
  try {
127
- const credentials = adapter.extractCredentials(c);
128
- if (!credentials) {
129
- return c.json({ user: null });
130
- }
131
- const result = await adapter.validateCredentials(credentials);
135
+ const result = await strategy.authenticate(c);
132
136
  if (!result.success || !result.user) {
133
137
  return c.json({ user: null });
134
138
  }
135
- const serialized = serializeUser(result.user);
136
- return c.json({ user: serialized, expiresAt: result.expiresAt });
139
+ return c.json({ user: serializeUser(result.user), expiresAt: result.expiresAt });
137
140
  }
138
141
  catch {
139
142
  return c.json({ user: null });
@@ -207,40 +210,38 @@ export const useAuth = (options) => {
207
210
  }
208
211
  }
209
212
  const user = await signup.createUser({ email, password, name });
210
- if (!adapter.createSession) {
211
- throw new Error("Adapter does not support session creation");
212
- }
213
- const session = await adapter.createSession(user.id, sessionRequestMeta(c));
214
- setCookie(c, cookieName, session.id, toCookieOptions({
215
- ...finalCookieOptions,
216
- expires: session.expiresAt,
217
- }));
213
+ const issued = await issueLogin(c, user.id);
214
+ if (!issued) {
215
+ throw new UnauthorizedError("Failed to create session");
216
+ }
218
217
  await onSignup?.(user, c);
219
- return c.json({ user: { id: user.id, email: user.email, name: user.name } });
218
+ // Preserve the original `user` shape; merge in any session/token artifacts.
219
+ const body = {
220
+ user: { id: user.id, email: user.email, name: user.name },
221
+ };
222
+ if (issued.body.sessionId)
223
+ body.sessionId = issued.body.sessionId;
224
+ if (issued.body.accessToken) {
225
+ body.accessToken = issued.body.accessToken;
226
+ body.expiresIn = issued.body.expiresIn;
227
+ body.tokenType = "Bearer";
228
+ }
229
+ return c.json(body);
220
230
  });
221
231
  }
222
232
  router.post("/logout", async (c) => {
223
233
  try {
224
- const credentials = adapter.extractCredentials(c);
225
234
  let user = null;
226
- if (credentials) {
227
- const result = await adapter.validateCredentials(credentials);
228
- if (result.success && result.user) {
229
- user = result.user;
230
- }
231
- const sessionToken = credentials.sessionId ?? credentials.token;
232
- if (sessionToken) {
233
- await adapter.invalidateSession(sessionToken);
234
- }
235
+ const result = await strategy.authenticate(c);
236
+ if (result.success && result.user) {
237
+ user = result.user;
235
238
  }
236
- deleteCookie(c, cookieName);
237
- deleteCookie(c, "connect.sid");
238
- deleteCookie(c, "session");
239
+ await strategy.logout(c);
239
240
  await onLogout?.(user, c);
240
241
  return c.json({ success: true });
241
242
  }
242
243
  catch {
243
- deleteCookie(c, cookieName);
244
+ await strategy.logout(c).catch(() => { });
244
245
  return c.json({ success: true });
245
246
  }
246
247
  });
@@ -308,8 +309,8 @@ export const useAuth = (options) => {
308
309
  await passwordReset.resetPassword(email, passwordHash);
309
310
  if (passwordReset.logoutEverywhere && passwordReset.findUserByEmail) {
310
311
  const user = await passwordReset.findUserByEmail(email);
311
- if (user && adapter.invalidateUserSessions) {
312
- await adapter.invalidateUserSessions(user.id);
312
+ if (user && strategy.invalidateUserSessions) {
313
+ await strategy.invalidateUserSessions(user.id);
313
314
  }
314
315
  }
315
316
  return c.json({ success: true });
@@ -317,12 +318,9 @@ export const useAuth = (options) => {
317
318
  }
318
319
  if (mfa) {
319
320
  const requireCurrentUser = async (c) => {
320
- const credentials = adapter.extractCredentials(c);
321
- if (credentials) {
322
- const result = await adapter.validateCredentials(credentials);
323
- if (result.success && result.user) {
324
- return result.user;
325
- }
321
+ const result = await strategy.authenticate(c);
322
+ if (result.success && result.user) {
323
+ return result.user;
326
324
  }
327
325
  throw new UnauthorizedError("Authentication required");
328
326
  };
@@ -424,6 +422,18 @@ export const useAuth = (options) => {
424
422
  return c.json(result);
425
423
  });
426
424
  }
425
+ if (social) {
426
+ const socialRouter = createSocialRouter(social, {
427
+ completeLogin,
428
+ cookieSecure: finalCookieOptions.secure,
429
+ cookiePath: finalCookieOptions.path,
430
+ });
431
+ router.route(social.basePath ?? "/social", socialRouter);
432
+ }
433
+ // Strategy-owned routes (e.g. JWT `/refresh`).
434
+ if (strategy.getRoutes) {
435
+ router.route("/", strategy.getRoutes());
436
+ }
427
437
  return { router, middleware };
428
438
  };
429
439
  export const createAuthRoutes = useAuth;