create-authhero 0.41.2 → 0.43.0

package/dist/local/src/app.ts

@@ -16,7 +16,7 @@ const widgetPath = path.resolve(
 
 const adminDistPath = path.resolve(
   __dirname,
-  "../node_modules/@authhero/react-admin/dist",
+  "../node_modules/@authhero/admin/dist",
 );
 const adminIndexPath = path.join(adminDistPath, "index.html");
 

package/dist/local/src/index.ts

@@ -27,7 +27,14 @@ function ensureCertificates() {
       execFileSync("which", ["mkcert"], { stdio: "ignore" });
       execFileSync(
         "mkcert",
-        ["-key-file", keyPath, "-cert-file", certPath, "localhost", "127.0.0.1"],
+        [
+          "-key-file",
+          keyPath,
+          "-cert-file",
+          certPath,
+          "localhost",
+          "127.0.0.1",
+        ],
         { stdio: "inherit" },
       );
       console.log("✅ Certificates generated with mkcert");

package/dist/proxy/README.md

@@ -0,0 +1,54 @@
+# AuthHero Proxy
+
+A Cloudflare Worker that proxies incoming requests to upstream services based on the request's `Host` header. Built on [@authhero/proxy](https://www.npmjs.com/package/@authhero/proxy).
+
+## Configure your routes
+
+Edit [src/proxy.config.ts](src/proxy.config.ts) to map each public hostname to one or more upstream routes. Path patterns support `*` and `:param` segments, and routes are matched in priority order (lower wins).
+
+```ts
+export const proxyConfig: StaticProxyAdapterOptions = {
+  hosts: {
+    "id.example.com": {
+      tenant_id: "example",
+      routes: [
+        {
+          path_pattern: "/*",
+          upstream_type: "http",
+          upstream_url: "https://upstream.example.com",
+        },
+      ],
+    },
+  },
+};
+```
+
+## Caching
+
+Resolved hosts are cached in-memory per Worker isolate with a stale-while-revalidate strategy:
+
+- **Fresh** for 5 minutes — served directly from cache.
+- **Stale** for the next hour — served from cache while a background refresh runs.
+- **Negative** (host not found) — cached for 30 seconds so newly-added hosts come online quickly.
+
+For the static adapter the "refresh" is just a re-read of the in-memory config, so the SWR window mainly matters when you swap to an HTTP- or database-backed adapter.
+
+## Develop locally
+
+```bash
+npm run dev
+```
+
+The worker is served at `http://localhost:8787`. To exercise a specific host, send the `Host` header:
+
+```bash
+curl http://localhost:8787/login -H "Host: id.example.com"
+```
+
+## Deploy
+
+```bash
+npm run deploy
+```
+
+Add a custom-domain route in `wrangler.toml` for each hostname you've configured, or attach the worker to existing routes in the Cloudflare dashboard.

package/dist/proxy/src/index.ts

@@ -0,0 +1,40 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+import {
+  createProxyApp,
+  createStaticProxyAdapter,
+} from "@authhero/proxy";
+import { proxyConfig } from "./proxy.config";
+
+// AsyncLocalStorage threads each request's ExecutionContext through to the
+// host cache so background SWR refreshes keep running after the response
+// returns. Requires the `nodejs_compat` compatibility flag.
+interface RequestCtx {
+  waitUntil: (promise: Promise<unknown>) => void;
+}
+const requestCtx = new AsyncLocalStorage<RequestCtx>();
+
+const data = createStaticProxyAdapter(proxyConfig);
+
+const app = createProxyApp({
+  data,
+  cache: {
+    // Serve cached values directly for 5 minutes.
+    freshTtlMs: 5 * 60_000,
+    // For the next hour, keep serving the cached value and refresh in the
+    // background. After that, the next request blocks on a fresh fetch.
+    staleTtlMs: 60 * 60_000,
+    // Don't cache "host not found" for as long — new hosts should become
+    // reachable quickly after being added to the config.
+    negativeTtlMs: 30_000,
+    waitUntil: (promise) => requestCtx.getStore()?.waitUntil(promise),
+  },
+});
+
+export default {
+  fetch(request: Request, _env: unknown, ctx: ExecutionContext) {
+    return requestCtx.run(
+      { waitUntil: ctx.waitUntil.bind(ctx) },
+      () => app.fetch(request),
+    );
+  },
+};

package/dist/proxy/src/proxy.config.ts

@@ -0,0 +1,22 @@
+import type { StaticProxyAdapterOptions } from "@authhero/proxy";
+
+// Map each public hostname to the routes the proxy should serve for it.
+// Routes are matched in priority order (lower priority wins). The path
+// pattern supports `*` and `:param` segments.
+//
+// Edit this file to add your hosts, then re-deploy.
+export const proxyConfig: StaticProxyAdapterOptions = {
+  hosts: {
+    "id.example.com": {
+      tenant_id: "example",
+      routes: [
+        {
+          path_pattern: "/*",
+          upstream_type: "http",
+          upstream_url: "https://upstream.example.com",
+          preserve_host: false,
+        },
+      ],
+    },
+  },
+};

package/dist/proxy/tsconfig.json

@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "types": ["@cloudflare/workers-types", "node"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules"]
+}

package/dist/proxy/wrangler.toml

@@ -0,0 +1,22 @@
+# ════════════════════════════════════════════════════════════════════════════
+# AuthHero Proxy — Cloudflare Worker Configuration
+# ════════════════════════════════════════════════════════════════════════════
+
+name = "authhero-proxy"
+main = "src/index.ts"
+compatibility_date = "2025-05-23"
+compatibility_flags = ["nodejs_compat"]
+
+# ════════════════════════════════════════════════════════════════════════════
+# OPTIONAL: Custom Domains
+# ════════════════════════════════════════════════════════════════════════════
+# Route the public hostnames you configured in src/proxy.config.ts to this
+# worker. Each host should be a custom domain (or have a route added) in your
+# Cloudflare account.
+#
+# [[routes]]
+# pattern = "id.example.com"
+# custom_domain = true
+
+[observability]
+enabled = true

package/package.json

@@ -5,7 +5,7 @@
     "type": "git",
     "url": "https://github.com/markusahlstrand/authhero"
   },
-  "version": "0.41.2",
+  "version": "0.43.0",
   "type": "module",
   "main": "dist/create-authhero.js",
   "bin": {
@@ -19,10 +19,10 @@
     "@rollup/plugin-commonjs": "^26.0.1",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/inquirer": "^9.0.7",
-    "@types/node": "^20.14.9",
-    "tsx": "^4.19.4",
+    "@types/node": "^20.19.41",
+    "tsx": "^4.22.3",
     "typescript": "^5.5.2",
-    "vite": "^5.3.2"
+    "vite": "^8.0.14"
   },
   "dependencies": {
     "commander": "^12.1.0",