npm - create-croissant - Versions diffs - 0.1.0 → 0.1.1 - Mend

create-croissant 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (588) hide show

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/facebook.ts ADDED Viewed

@@ -0,0 +1,206 @@
+import { betterFetch } from "@better-fetch/fetch";
+import { createRemoteJWKSet, decodeJwt, jwtVerify } from "jose";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+export interface FacebookProfile {
+	id: string;
+	name: string;
+	email: string;
+	email_verified: boolean;
+	picture: {
+		data: {
+			height: number;
+			is_silhouette: boolean;
+			url: string;
+			width: number;
+		};
+	};
+}
+export interface FacebookOptions extends ProviderOptions<FacebookProfile> {
+	clientId: string;
+	/**
+	 * Extend list of fields to retrieve from the Facebook user profile.
+	 *
+	 * @default ["id", "name", "email", "picture"]
+	 */
+	fields?: string[] | undefined;
+	/**
+	 * The config id to use when undergoing oauth
+	 */
+	configId?: string | undefined;
+}
+export const facebook = (options: FacebookOptions) => {
+	return {
+		id: "facebook",
+		name: "Facebook",
+		async createAuthorizationURL({ state, scopes, redirectURI, loginHint }) {
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["email", "public_profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: "facebook",
+				options,
+				authorizationEndpoint: "https://www.facebook.com/v24.0/dialog/oauth",
+				scopes: _scopes,
+				state,
+				redirectURI,
+				loginHint,
+				additionalParams: options.configId
+					? {
+							config_id: options.configId,
+						}
+					: {},
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://graph.facebook.com/v24.0/oauth/access_token",
+			});
+		},
+		async verifyIdToken(token, nonce) {
+			if (options.disableIdTokenSignIn) {
+				return false;
+			}
+			if (options.verifyIdToken) {
+				return options.verifyIdToken(token, nonce);
+			}
+			/* limited login */
+			// check is limited token
+			if (token.split(".").length === 3) {
+				try {
+					const { payload: jwtClaims } = await jwtVerify(
+						token,
+						createRemoteJWKSet(
+							// https://developers.facebook.com/docs/facebook-login/limited-login/token/#jwks
+							new URL(
+								"https://limited.facebook.com/.well-known/oauth/openid/jwks/",
+							),
+						),
+						{
+							algorithms: ["RS256"],
+							audience: options.clientId,
+							issuer: "https://www.facebook.com",
+						},
+					);
+					if (nonce && jwtClaims.nonce !== nonce) {
+						return false;
+					}
+					return !!jwtClaims;
+				} catch {
+					return false;
+				}
+			}
+			/* access_token */
+			return true;
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint:
+							"https://graph.facebook.com/v24.0/oauth/access_token",
+					});
+				},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			if (token.idToken && token.idToken.split(".").length === 3) {
+				const profile = decodeJwt(token.idToken) as {
+					sub: string;
+					email: string;
+					name: string;
+					picture: string;
+				};
+				const user = {
+					id: profile.sub,
+					name: profile.name,
+					email: profile.email,
+					picture: {
+						data: {
+							url: profile.picture,
+							height: 100,
+							width: 100,
+							is_silhouette: false,
+						},
+					},
+				};
+				// https://developers.facebook.com/docs/facebook-login/limited-login/permissions
+				// Facebook ID token does not include email_verified claim.
+				// We default to false for security consistency.
+				const userMap = await options.mapProfileToUser?.({
+					...user,
+					email_verified: false,
+				});
+				return {
+					user: {
+						...user,
+						emailVerified: false,
+						...userMap,
+					},
+					data: profile,
+				};
+			}
+			const fields = [
+				"id",
+				"name",
+				"email",
+				"picture",
+				...(options?.fields || []),
+			];
+			const { data: profile, error } = await betterFetch<FacebookProfile>(
+				"https://graph.facebook.com/me?fields=" + fields.join(","),
+				{
+					auth: {
+						type: "Bearer",
+						token: token.accessToken,
+					},
+				},
+			);
+			if (error) {
+				return null;
+			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name,
+					email: profile.email,
+					image: profile.picture.data.url,
+					emailVerified: profile.email_verified,
+					...userMap,
+				},
+				data: profile,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<FacebookProfile>;
+};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/figma.ts ADDED Viewed

@@ -0,0 +1,118 @@
+import { betterFetch } from "@better-fetch/fetch";
+import { logger } from "../env";
+import { BetterAuthError } from "../error";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+export interface FigmaProfile {
+	id: string;
+	email: string;
+	handle: string;
+	img_url: string;
+}
+export interface FigmaOptions extends ProviderOptions<FigmaProfile> {
+	clientId: string;
+}
+export const figma = (options: FigmaOptions) => {
+	const tokenEndpoint = "https://api.figma.com/v1/oauth/token";
+	return {
+		id: "figma",
+		name: "Figma",
+		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
+			if (!options.clientId || !options.clientSecret) {
+				logger.error(
+					"Client Id and Client Secret are required for Figma. Make sure to provide them in the options.",
+				);
+				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
+			}
+			if (!codeVerifier) {
+				throw new BetterAuthError("codeVerifier is required for Figma");
+			}
+			const _scopes = options.disableDefaultScope ? [] : ["current_user:read"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			const url = await createAuthorizationURL({
+				id: "figma",
+				options,
+				authorizationEndpoint: "https://www.figma.com/oauth",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+			});
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+				tokenEndpoint,
+				authentication: "basic",
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint,
+						authentication: "basic",
+					});
+				},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			try {
+				const { data: profile } = await betterFetch<FigmaProfile>(
+					"https://api.figma.com/v1/me",
+					{
+						headers: {
+							Authorization: `Bearer ${token.accessToken}`,
+						},
+					},
+				);
+				if (!profile) {
+					logger.error("Failed to fetch user from Figma");
+					return null;
+				}
+				const userMap = await options.mapProfileToUser?.(profile);
+				return {
+					user: {
+						id: profile.id,
+						name: profile.handle,
+						email: profile.email,
+						image: profile.img_url,
+						emailVerified: false,
+						...userMap,
+					},
+					data: profile,
+				};
+			} catch (error) {
+				logger.error("Failed to fetch user info from Figma:", error);
+				return null;
+			}
+		},
+		options,
+	} satisfies OAuthProvider<FigmaProfile>;
+};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/github.ts ADDED Viewed

@@ -0,0 +1,184 @@
+import { betterFetch } from "@better-fetch/fetch";
+import { logger } from "../env";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	getOAuth2Tokens,
+	refreshAccessToken,
+} from "../oauth2";
+import { createAuthorizationCodeRequest } from "../oauth2/validate-authorization-code";
+export interface GithubProfile {
+	login: string;
+	id: string;
+	node_id: string;
+	avatar_url: string;
+	gravatar_id: string;
+	url: string;
+	html_url: string;
+	followers_url: string;
+	following_url: string;
+	gists_url: string;
+	starred_url: string;
+	subscriptions_url: string;
+	organizations_url: string;
+	repos_url: string;
+	events_url: string;
+	received_events_url: string;
+	type: string;
+	site_admin: boolean;
+	name: string;
+	company: string;
+	blog: string;
+	location: string;
+	email: string;
+	hireable: boolean;
+	bio: string;
+	twitter_username: string;
+	public_repos: string;
+	public_gists: string;
+	followers: string;
+	following: string;
+	created_at: string;
+	updated_at: string;
+	private_gists: string;
+	total_private_repos: string;
+	owned_private_repos: string;
+	disk_usage: string;
+	collaborators: string;
+	two_factor_authentication: boolean;
+	plan: {
+		name: string;
+		space: string;
+		private_repos: string;
+		collaborators: string;
+	};
+}
+export interface GithubOptions extends ProviderOptions<GithubProfile> {
+	clientId: string;
+}
+export const github = (options: GithubOptions) => {
+	const tokenEndpoint = "https://github.com/login/oauth/access_token";
+	return {
+		id: "github",
+		name: "GitHub",
+		createAuthorizationURL({
+			state,
+			scopes,
+			loginHint,
+			codeVerifier,
+			redirectURI,
+		}) {
+			const _scopes = options.disableDefaultScope
+				? []
+				: ["read:user", "user:email"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "github",
+				options,
+				authorizationEndpoint: "https://github.com/login/oauth/authorize",
+				scopes: _scopes,
+				state,
+				codeVerifier,
+				redirectURI,
+				loginHint,
+				prompt: options.prompt,
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			const { body, headers: requestHeaders } = createAuthorizationCodeRequest({
+				code,
+				codeVerifier,
+				redirectURI,
+				options,
+			});
+			const { data, error } = await betterFetch<
+				| { access_token: string; token_type: string; scope: string }
+				| { error: string; error_description?: string; error_uri?: string }
+			>(tokenEndpoint, {
+				method: "POST",
+				body: body,
+				headers: requestHeaders,
+			});
+			if (error) {
+				logger.error("GitHub OAuth token exchange failed:", error);
+				return null;
+			}
+			if ("error" in data) {
+				logger.error("GitHub OAuth token exchange failed:", data);
+				return null;
+			}
+			return getOAuth2Tokens(data);
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint,
+					});
+				},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			const { data: profile, error } = await betterFetch<GithubProfile>(
+				"https://api.github.com/user",
+				{
+					headers: {
+						"User-Agent": "better-auth",
+						authorization: `Bearer ${token.accessToken}`,
+					},
+				},
+			);
+			if (error) {
+				return null;
+			}
+			const { data: emails } = await betterFetch<
+				{
+					email: string;
+					primary: boolean;
+					verified: boolean;
+					visibility: "public" | "private";
+				}[]
+			>("https://api.github.com/user/emails", {
+				headers: {
+					Authorization: `Bearer ${token.accessToken}`,
+					"User-Agent": "better-auth",
+				},
+			});
+			if (!profile.email && emails) {
+				profile.email = (emails.find((e) => e.primary) ?? emails[0])
+					?.email as string;
+			}
+			const emailVerified =
+				emails?.find((e) => e.email === profile.email)?.verified ?? false;
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name || profile.login || "",
+					email: profile.email,
+					image: profile.avatar_url,
+					emailVerified,
+					...userMap,
+				},
+				data: profile,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<GithubProfile>;
+};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/gitlab.ts ADDED Viewed

@@ -0,0 +1,155 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	createAuthorizationURL,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+export interface GitlabProfile extends Record<string, any> {
+	id: number;
+	username: string;
+	email: string;
+	name: string;
+	state: string;
+	avatar_url: string;
+	web_url: string;
+	created_at: string;
+	bio: string;
+	location?: string | undefined;
+	public_email: string;
+	skype: string;
+	linkedin: string;
+	twitter: string;
+	website_url: string;
+	organization: string;
+	job_title: string;
+	pronouns: string;
+	bot: boolean;
+	work_information?: string | undefined;
+	followers: number;
+	following: number;
+	local_time: string;
+	last_sign_in_at: string;
+	confirmed_at: string;
+	theme_id: number;
+	last_activity_on: string;
+	color_scheme_id: number;
+	projects_limit: number;
+	current_sign_in_at: string;
+	identities: Array<{
+		provider: string;
+		extern_uid: string;
+	}>;
+	can_create_group: boolean;
+	can_create_project: boolean;
+	two_factor_enabled: boolean;
+	external: boolean;
+	private_profile: boolean;
+	commit_email: string;
+	shared_runners_minutes_limit: number;
+	extra_shared_runners_minutes_limit: number;
+	email_verified?: boolean | undefined;
+}
+export interface GitlabOptions extends ProviderOptions<GitlabProfile> {
+	clientId: string;
+	issuer?: string | undefined;
+}
+const cleanDoubleSlashes = (input: string = "") => {
+	return input
+		.split("://")
+		.map((str) => str.replace(/\/{2,}/g, "/"))
+		.join("://");
+};
+const issuerToEndpoints = (issuer?: string | undefined) => {
+	const baseUrl = issuer || "https://gitlab.com";
+	return {
+		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
+		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),
+		userinfoEndpoint: cleanDoubleSlashes(`${baseUrl}/api/v4/user`),
+	};
+};
+export const gitlab = (options: GitlabOptions) => {
+	const { authorizationEndpoint, tokenEndpoint, userinfoEndpoint } =
+		issuerToEndpoints(options.issuer);
+	const issuerId = "gitlab";
+	const issuerName = "Gitlab";
+	return {
+		id: issuerId,
+		name: issuerName,
+		createAuthorizationURL: async ({
+			state,
+			scopes,
+			codeVerifier,
+			loginHint,
+			redirectURI,
+		}) => {
+			const _scopes = options.disableDefaultScope ? [] : ["read_user"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return await createAuthorizationURL({
+				id: issuerId,
+				options,
+				authorizationEndpoint,
+				scopes: _scopes,
+				state,
+				redirectURI,
+				codeVerifier,
+				loginHint,
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				codeVerifier,
+				tokenEndpoint,
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) => {
+					return refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint: tokenEndpoint,
+					});
+				},
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			const { data: profile, error } = await betterFetch<GitlabProfile>(
+				userinfoEndpoint,
+				{ headers: { authorization: `Bearer ${token.accessToken}` } },
+			);
+			if (error || profile.state !== "active" || profile.locked) {
+				return null;
+			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			// GitLab may provide email_verified claim, but it's not guaranteed.
+			// We check for it first, then default to false for security consistency.
+			return {
+				user: {
+					id: profile.id,
+					name: profile.name ?? profile.username ?? "",
+					email: profile.email,
+					image: profile.avatar_url,
+					emailVerified: profile.email_verified ?? false,
+					...userMap,
+				},
+				data: profile,
+			};
+		},
+		options,
+	} satisfies OAuthProvider<GitlabProfile>;
+};