create-croissant 0.1.8 → 0.1.9

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/atlassian.ts

@@ -1,133 +0,0 @@
-import { betterFetch } from "@better-fetch/fetch";
-import { logger } from "../env";
-import { BetterAuthError } from "../error";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import {
-	createAuthorizationURL,
-	refreshAccessToken,
-	validateAuthorizationCode,
-} from "../oauth2";
-
-export interface AtlassianProfile {
-	account_type?: string | undefined;
-	account_id: string;
-	email?: string | undefined;
-	name: string;
-	picture?: string | undefined;
-	nickname?: string | undefined;
-	locale?: string | undefined;
-	extended_profile?:
-		| {
-				job_title?: string;
-				organization?: string;
-				department?: string;
-				location?: string;
-		  }
-		| undefined;
-}
-export interface AtlassianOptions extends ProviderOptions<AtlassianProfile> {
-	clientId: string;
-}
-
-export const atlassian = (options: AtlassianOptions) => {
-	const tokenEndpoint = "https://auth.atlassian.com/oauth/token";
-	return {
-		id: "atlassian",
-		name: "Atlassian",
-
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!options.clientId || !options.clientSecret) {
-				logger.error("Client Id and Secret are required for Atlassian");
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-			if (!codeVerifier) {
-				throw new BetterAuthError("codeVerifier is required for Atlassian");
-			}
-
-			const _scopes = options.disableDefaultScope
-				? []
-				: ["read:jira-user", "offline_access"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-
-			return createAuthorizationURL({
-				id: "atlassian",
-				options,
-				authorizationEndpoint: "https://auth.atlassian.com/authorize",
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				additionalParams: {
-					audience: "api.atlassian.com",
-				},
-				prompt: options.prompt,
-			});
-		},
-
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint,
-			});
-		},
-
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientSecret: options.clientSecret,
-						},
-						tokenEndpoint,
-					});
-				},
-
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-
-			if (!token.accessToken) {
-				return null;
-			}
-
-			try {
-				const { data: profile } = await betterFetch<{
-					account_id: string;
-					name: string;
-					email?: string | undefined;
-					picture?: string | undefined;
-				}>("https://api.atlassian.com/me", {
-					headers: { Authorization: `Bearer ${token.accessToken}` },
-				});
-
-				if (!profile) return null;
-
-				const userMap = await options.mapProfileToUser?.(profile);
-
-				return {
-					user: {
-						id: profile.account_id,
-						name: profile.name,
-						email: profile.email,
-						image: profile.picture,
-						emailVerified: false,
-						...userMap,
-					},
-					data: profile,
-				};
-			} catch (error) {
-				logger.error("Failed to fetch user info from Figma:", error);
-				return null;
-			}
-		},
-
-		options,
-	} satisfies OAuthProvider<AtlassianProfile>;
-};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/cognito.ts

@@ -1,281 +0,0 @@
-import { betterFetch } from "@better-fetch/fetch";
-import { decodeJwt, decodeProtectedHeader, importJWK, jwtVerify } from "jose";
-import { logger } from "../env";
-import { APIError, BetterAuthError } from "../error";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import {
-	createAuthorizationURL,
-	getPrimaryClientId,
-	refreshAccessToken,
-	validateAuthorizationCode,
-} from "../oauth2";
-
-export interface CognitoProfile {
-	sub: string;
-	email: string;
-	email_verified: boolean;
-	name: string;
-	given_name?: string | undefined;
-	family_name?: string | undefined;
-	picture?: string | undefined;
-	username?: string | undefined;
-	locale?: string | undefined;
-	phone_number?: string | undefined;
-	phone_number_verified?: boolean | undefined;
-	aud: string;
-	iss: string;
-	exp: number;
-	iat: number;
-	// Custom attributes from Cognito can be added here
-	[key: string]: any;
-}
-
-export interface CognitoOptions extends ProviderOptions<CognitoProfile> {
-	clientId: string | string[];
-	/**
-	 * The Cognito domain (e.g., "your-app.auth.us-east-1.amazoncognito.com")
-	 */
-	domain: string;
-	/**
-	 * AWS region where User Pool is hosted (e.g., "us-east-1")
-	 */
-	region: string;
-	userPoolId: string;
-	requireClientSecret?: boolean | undefined;
-}
-
-export const cognito = (options: CognitoOptions) => {
-	if (!options.domain || !options.region || !options.userPoolId) {
-		logger.error(
-			"Domain, region and userPoolId are required for Amazon Cognito. Make sure to provide them in the options.",
-		);
-		throw new BetterAuthError("DOMAIN_AND_REGION_REQUIRED");
-	}
-
-	const cleanDomain = options.domain.replace(/^https?:\/\//, "");
-	const authorizationEndpoint = `https://${cleanDomain}/oauth2/authorize`;
-	const tokenEndpoint = `https://${cleanDomain}/oauth2/token`;
-	const userInfoEndpoint = `https://${cleanDomain}/oauth2/userinfo`;
-
-	return {
-		id: "cognito",
-		name: "Cognito",
-		async createAuthorizationURL({ state, scopes, codeVerifier, redirectURI }) {
-			if (!getPrimaryClientId(options.clientId)) {
-				logger.error(
-					"ClientId is required for Amazon Cognito. Make sure to provide them in the options.",
-				);
-				throw new BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");
-			}
-
-			if (options.requireClientSecret && !options.clientSecret) {
-				logger.error(
-					"Client Secret is required when requireClientSecret is true. Make sure to provide it in the options.",
-				);
-				throw new BetterAuthError("CLIENT_SECRET_REQUIRED");
-			}
-			const _scopes = options.disableDefaultScope
-				? []
-				: ["openid", "profile", "email"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-
-			const url = await createAuthorizationURL({
-				id: "cognito",
-				options: {
-					...options,
-				},
-				authorizationEndpoint,
-				scopes: _scopes,
-				state,
-				codeVerifier,
-				redirectURI,
-				prompt: options.prompt,
-			});
-			// AWS Cognito requires scopes to be encoded with %20 instead of +
-			// URLSearchParams encodes spaces as + by default, so we need to fix this
-			const scopeValue = url.searchParams.get("scope");
-			if (scopeValue) {
-				url.searchParams.delete("scope");
-				const encodedScope = encodeURIComponent(scopeValue);
-				// Manually append the scope with proper encoding to the URL
-				const urlString = url.toString();
-				const separator = urlString.includes("?") ? "&" : "?";
-				return new URL(`${urlString}${separator}scope=${encodedScope}`);
-			}
-			return url;
-		},
-
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint,
-			});
-		},
-
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientKey: options.clientKey,
-							clientSecret: options.clientSecret,
-						},
-						tokenEndpoint,
-					});
-				},
-
-		async verifyIdToken(token, nonce) {
-			if (options.disableIdTokenSignIn) {
-				return false;
-			}
-			if (options.verifyIdToken) {
-				return options.verifyIdToken(token, nonce);
-			}
-
-			try {
-				const decodedHeader = decodeProtectedHeader(token);
-				const { kid, alg: jwtAlg } = decodedHeader;
-				if (!kid || !jwtAlg) return false;
-
-				const publicKey = await getCognitoPublicKey(
-					kid,
-					options.region,
-					options.userPoolId,
-				);
-				const expectedIssuer = `https://cognito-idp.${options.region}.amazonaws.com/${options.userPoolId}`;
-
-				const { payload: jwtClaims } = await jwtVerify(token, publicKey, {
-					algorithms: [jwtAlg],
-					issuer: expectedIssuer,
-					audience: options.clientId,
-					maxTokenAge: "1h",
-				});
-
-				if (nonce && jwtClaims.nonce !== nonce) {
-					return false;
-				}
-				return true;
-			} catch (error) {
-				logger.error("Failed to verify ID token:", error);
-				return false;
-			}
-		},
-
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-
-			if (token.idToken) {
-				try {
-					const profile = decodeJwt<CognitoProfile>(token.idToken);
-					if (!profile) {
-						return null;
-					}
-					const name =
-						profile.name || profile.given_name || profile.username || "";
-					const enrichedProfile = {
-						...profile,
-						name,
-					};
-					const userMap = await options.mapProfileToUser?.(enrichedProfile);
-
-					return {
-						user: {
-							id: profile.sub,
-							name: enrichedProfile.name,
-							email: profile.email,
-							image: profile.picture,
-							emailVerified: profile.email_verified,
-							...userMap,
-						},
-						data: enrichedProfile,
-					};
-				} catch (error) {
-					logger.error("Failed to decode ID token:", error);
-				}
-			}
-
-			if (token.accessToken) {
-				try {
-					const { data: userInfo } = await betterFetch<CognitoProfile>(
-						userInfoEndpoint,
-						{
-							headers: {
-								Authorization: `Bearer ${token.accessToken}`,
-							},
-						},
-					);
-
-					if (userInfo) {
-						const userMap = await options.mapProfileToUser?.(userInfo);
-						return {
-							user: {
-								id: userInfo.sub,
-								name:
-									userInfo.name ||
-									userInfo.given_name ||
-									userInfo.username ||
-									"",
-								email: userInfo.email,
-								image: userInfo.picture,
-								emailVerified: userInfo.email_verified,
-								...userMap,
-							},
-							data: userInfo,
-						};
-					}
-				} catch (error) {
-					logger.error("Failed to fetch user info from Cognito:", error);
-				}
-			}
-
-			return null;
-		},
-
-		options,
-	} satisfies OAuthProvider<CognitoProfile>;
-};
-
-export const getCognitoPublicKey = async (
-	kid: string,
-	region: string,
-	userPoolId: string,
-) => {
-	const COGNITO_JWKS_URI = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}/.well-known/jwks.json`;
-
-	try {
-		const { data } = await betterFetch<{
-			keys: Array<{
-				kid: string;
-				alg: string;
-				kty: string;
-				use: string;
-				n: string;
-				e: string;
-			}>;
-		}>(COGNITO_JWKS_URI);
-
-		if (!data?.keys) {
-			throw new APIError("BAD_REQUEST", {
-				message: "Keys not found",
-			});
-		}
-
-		const jwk = data.keys.find((key) => key.kid === kid);
-		if (!jwk) {
-			throw new Error(`JWK with kid ${kid} not found`);
-		}
-
-		return await importJWK(jwk, jwk.alg);
-	} catch (error) {
-		logger.error("Failed to fetch Cognito public key:", error);
-		throw error;
-	}
-};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/discord.ts

@@ -1,170 +0,0 @@
-import { betterFetch } from "@better-fetch/fetch";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import { refreshAccessToken, validateAuthorizationCode } from "../oauth2";
-export interface DiscordProfile extends Record<string, any> {
-	/** the user's id (i.e. the numerical snowflake) */
-	id: string;
-	/** the user's username, not unique across the platform */
-	username: string;
-	/** the user's Discord-tag */
-	discriminator: string;
-	/** the user's display name, if it is set  */
-	global_name: string | null;
-	/**
-	 * the user's avatar hash:
-	 * https://discord.com/developers/docs/reference#image-formatting
-	 */
-	avatar: string | null;
-	/** whether the user belongs to an OAuth2 application */
-	bot?: boolean | undefined;
-	/**
-	 * whether the user is an Official Discord System user (part of the urgent
-	 * message system)
-	 */
-	system?: boolean | undefined;
-	/** whether the user has two factor enabled on their account */
-	mfa_enabled: boolean;
-	/**
-	 * the user's banner hash:
-	 * https://discord.com/developers/docs/reference#image-formatting
-	 */
-	banner: string | null;
-
-	/** the user's banner color encoded as an integer representation of hexadecimal color code */
-	accent_color: number | null;
-
-	/**
-	 * the user's chosen language option:
-	 * https://discord.com/developers/docs/reference#locales
-	 */
-	locale: string;
-	/** whether the email on this account has been verified */
-	verified: boolean;
-	/** the user's email */
-	email: string;
-	/**
-	 * the flags on a user's account:
-	 * https://discord.com/developers/docs/resources/user#user-object-user-flags
-	 */
-	flags: number;
-	/**
-	 * the type of Nitro subscription on a user's account:
-	 * https://discord.com/developers/docs/resources/user#user-object-premium-types
-	 */
-	premium_type: number;
-	/**
-	 * the public flags on a user's account:
-	 * https://discord.com/developers/docs/resources/user#user-object-user-flags
-	 */
-	public_flags: number;
-	/** undocumented field; corresponds to the user's custom nickname */
-	display_name: string | null;
-	/**
-	 * undocumented field; corresponds to the Discord feature where you can e.g.
-	 * put your avatar inside of an ice cube
-	 */
-	avatar_decoration: string | null;
-	/**
-	 * undocumented field; corresponds to the premium feature where you can
-	 * select a custom banner color
-	 */
-	banner_color: string | null;
-	/** undocumented field; the CDN URL of their profile picture */
-	image_url: string;
-}
-
-export interface DiscordOptions extends ProviderOptions<DiscordProfile> {
-	clientId: string;
-	prompt?: ("none" | "consent") | undefined;
-	permissions?: number | undefined;
-}
-
-export const discord = (options: DiscordOptions) => {
-	const tokenEndpoint = "https://discord.com/api/oauth2/token";
-	return {
-		id: "discord",
-		name: "Discord",
-		createAuthorizationURL({ state, scopes, redirectURI }) {
-			const _scopes = options.disableDefaultScope ? [] : ["identify", "email"];
-			if (scopes) _scopes.push(...scopes);
-			if (options.scope) _scopes.push(...options.scope);
-			const hasBotScope = _scopes.includes("bot");
-			const permissionsParam =
-				hasBotScope && options.permissions !== undefined
-					? `&permissions=${options.permissions}`
-					: "";
-			return new URL(
-				`https://discord.com/api/oauth2/authorize?scope=${_scopes.join(
-					"+",
-				)}&response_type=code&client_id=${
-					options.clientId
-				}&redirect_uri=${encodeURIComponent(
-					options.redirectURI || redirectURI,
-				)}&state=${state}&prompt=${
-					options.prompt || "none"
-				}${permissionsParam}`,
-			);
-		},
-		validateAuthorizationCode: async ({ code, redirectURI }) => {
-			return validateAuthorizationCode({
-				code,
-				redirectURI,
-				options,
-				tokenEndpoint,
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientKey: options.clientKey,
-							clientSecret: options.clientSecret,
-						},
-						tokenEndpoint,
-					});
-				},
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-			const { data: profile, error } = await betterFetch<DiscordProfile>(
-				"https://discord.com/api/users/@me",
-				{
-					headers: {
-						authorization: `Bearer ${token.accessToken}`,
-					},
-				},
-			);
-
-			if (error) {
-				return null;
-			}
-			if (profile.avatar === null) {
-				const defaultAvatarNumber =
-					profile.discriminator === "0"
-						? Number(BigInt(profile.id) >> BigInt(22)) % 6
-						: parseInt(profile.discriminator) % 5;
-				profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`;
-			} else {
-				const format = profile.avatar.startsWith("a_") ? "gif" : "png";
-				profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
-			}
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.id,
-					name: profile.global_name || profile.username || "",
-					email: profile.email,
-					emailVerified: profile.verified,
-					image: profile.image_url,
-					...userMap,
-				},
-				data: profile,
-			};
-		},
-		options,
-	} satisfies OAuthProvider<DiscordProfile>;
-};

package/template/apps/web/node_modules/@better-auth/core/src/social-providers/dropbox.ts

@@ -1,112 +0,0 @@
-import { betterFetch } from "@better-fetch/fetch";
-import type { OAuthProvider, ProviderOptions } from "../oauth2";
-import {
-	createAuthorizationURL,
-	refreshAccessToken,
-	validateAuthorizationCode,
-} from "../oauth2";
-
-export interface DropboxProfile {
-	account_id: string;
-	name: {
-		given_name: string;
-		surname: string;
-		familiar_name: string;
-		display_name: string;
-		abbreviated_name: string;
-	};
-	email: string;
-	email_verified: boolean;
-	profile_photo_url: string;
-}
-
-export interface DropboxOptions extends ProviderOptions<DropboxProfile> {
-	clientId: string;
-	accessType?: ("offline" | "online" | "legacy") | undefined;
-}
-
-export const dropbox = (options: DropboxOptions) => {
-	const tokenEndpoint = "https://api.dropboxapi.com/oauth2/token";
-
-	return {
-		id: "dropbox",
-		name: "Dropbox",
-		createAuthorizationURL: async ({
-			state,
-			scopes,
-			codeVerifier,
-			redirectURI,
-		}) => {
-			const _scopes = options.disableDefaultScope ? [] : ["account_info.read"];
-			if (options.scope) _scopes.push(...options.scope);
-			if (scopes) _scopes.push(...scopes);
-			const additionalParams: Record<string, string> = {};
-			if (options.accessType) {
-				additionalParams.token_access_type = options.accessType;
-			}
-			return await createAuthorizationURL({
-				id: "dropbox",
-				options,
-				authorizationEndpoint: "https://www.dropbox.com/oauth2/authorize",
-				scopes: _scopes,
-				state,
-				redirectURI,
-				codeVerifier,
-				additionalParams,
-			});
-		},
-		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
-			return await validateAuthorizationCode({
-				code,
-				codeVerifier,
-				redirectURI,
-				options,
-				tokenEndpoint,
-			});
-		},
-		refreshAccessToken: options.refreshAccessToken
-			? options.refreshAccessToken
-			: async (refreshToken) => {
-					return refreshAccessToken({
-						refreshToken,
-						options: {
-							clientId: options.clientId,
-							clientKey: options.clientKey,
-							clientSecret: options.clientSecret,
-						},
-						tokenEndpoint,
-					});
-				},
-		async getUserInfo(token) {
-			if (options.getUserInfo) {
-				return options.getUserInfo(token);
-			}
-			const { data: profile, error } = await betterFetch<DropboxProfile>(
-				"https://api.dropboxapi.com/2/users/get_current_account",
-				{
-					method: "POST",
-					headers: {
-						Authorization: `Bearer ${token.accessToken}`,
-					},
-				},
-			);
-
-			if (error) {
-				return null;
-			}
-			const userMap = await options.mapProfileToUser?.(profile);
-			return {
-				user: {
-					id: profile.account_id,
-					name: profile.name?.display_name,
-					email: profile.email,
-					emailVerified: profile.email_verified || false,
-					image: profile.profile_photo_url,
-					...userMap,
-				},
-				data: profile,
-			};
-		},
-		options,
-	} satisfies OAuthProvider<DropboxProfile>;
-};