handshake-auth 0.1.0 → 0.2.0

package/dist/strategies/discord.js

@@ -0,0 +1,85 @@
+import { OAuthStrategy } from './oauth-base.js';
+/**
+ * Discord OAuth2 authentication strategy.
+ *
+ * @example
+ * ```typescript
+ * const hs = new Handshake({
+ *   findAccount: async (email) => db.accounts.findByEmail(email),
+ *   findOrCreateFromOAuth: async (provider, profile) => {
+ *     let account = await db.accounts.findByProviderId(provider, profile.id);
+ *     if (!account) {
+ *       account = await db.accounts.create({
+ *         email: profile.email,
+ *         name: profile.name,
+ *         providerId: profile.id,
+ *         provider,
+ *       });
+ *     }
+ *     return account;
+ *   },
+ * });
+ *
+ * hs.use(new DiscordStrategy({
+ *   clientId: process.env.DISCORD_CLIENT_ID!,
+ *   clientSecret: process.env.DISCORD_CLIENT_SECRET!,
+ *   redirectUri: 'http://localhost:3000/auth/discord/callback',
+ * }));
+ *
+ * // Routes
+ * app.get('/auth/discord', async (req, res) => {
+ *   const result = await hs.authenticate('discord', req, res, 'redirect');
+ *   if ('redirectUrl' in result) {
+ *     res.redirect(result.redirectUrl);
+ *   }
+ * });
+ *
+ * app.get('/auth/discord/callback', async (req, res) => {
+ *   const result = await hs.authenticate('discord', req, res, 'callback');
+ *   if (result.account) {
+ *     login(req, result.account);
+ *     res.redirect('/dashboard');
+ *   } else {
+ *     res.status(401).send(result.error);
+ *   }
+ * });
+ * ```
+ */
+export class DiscordStrategy extends OAuthStrategy {
+    constructor(options) {
+        super({
+            name: 'discord',
+            clientId: options.clientId,
+            clientSecret: options.clientSecret,
+            redirectUri: options.redirectUri,
+            authorizeUrl: 'https://discord.com/api/oauth2/authorize',
+            tokenUrl: 'https://discord.com/api/oauth2/token',
+            userInfoUrl: 'https://discord.com/api/users/@me',
+            scopes: options.scopes ?? ['identify', 'email'],
+            stateCookieName: 'discord_oauth_state',
+        });
+    }
+    /**
+     * Map Discord profile to standard OAuthProfile.
+     */
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    mapProfile(data, accessToken) {
+        const profile = data;
+        // Build avatar URL if avatar hash exists
+        let picture = null;
+        if (profile.avatar) {
+            const ext = profile.avatar.startsWith('a_') ? 'gif' : 'png';
+            picture = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${ext}`;
+        }
+        // Use global_name (display name) or fall back to username
+        const name = profile.global_name ?? profile.username;
+        return {
+            id: profile.id,
+            email: profile.email ?? null,
+            name,
+            picture,
+            raw: profile,
+        };
+    }
+}
+//# sourceMappingURL=discord.js.map

package/dist/strategies/discord.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discord.js","sourceRoot":"","sources":["../../src/strategies/discord.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAkDhD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,MAAM,OAAO,eAA0B,SAAQ,aAAuB;IACpE,YAAY,OAA+B;QACzC,KAAK,CAAC;YACJ,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,0CAA0C;YACxD,QAAQ,EAAE,sCAAsC;YAChD,WAAW,EAAE,mCAAmC;YAChD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC;YAC/C,eAAe,EAAE,qBAAqB;SACvC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,6DAA6D;IACnD,UAAU,CAAC,IAAa,EAAE,WAAmB;QACrD,MAAM,OAAO,GAAG,IAAsB,CAAC;QAEvC,yCAAyC;QACzC,IAAI,OAAO,GAAkB,IAAI,CAAC;QAClC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;YAC5D,OAAO,GAAG,sCAAsC,OAAO,CAAC,EAAE,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QACxF,CAAC;QAED,0DAA0D;QAC1D,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,QAAQ,CAAC;QAErD,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;YAC5B,IAAI;YACJ,OAAO;YACP,GAAG,EAAE,OAA6C;SACnD,CAAC;IACJ,CAAC;CACF"}

package/dist/strategies/github.d.ts

@@ -0,0 +1,112 @@
+import type { OAuthProfile } from '../types.js';
+import { OAuthStrategy } from './oauth-base.js';
+/**
+ * GitHub user profile from the /user endpoint.
+ */
+export interface GitHubProfile {
+    id: number;
+    login: string;
+    name?: string | null;
+    email?: string | null;
+    avatar_url?: string;
+    bio?: string | null;
+    company?: string | null;
+    location?: string | null;
+    blog?: string | null;
+    twitter_username?: string | null;
+    html_url?: string;
+}
+/**
+ * GitHub email object from the /user/emails endpoint.
+ */
+export interface GitHubEmail {
+    email: string;
+    primary: boolean;
+    verified: boolean;
+    visibility: string | null;
+}
+/**
+ * Configuration options for GitHub OAuth strategy.
+ */
+export interface GitHubStrategyOptions {
+    /**
+     * GitHub OAuth client ID
+     */
+    clientId: string;
+    /**
+     * GitHub OAuth client secret
+     */
+    clientSecret: string;
+    /**
+     * Your callback URL (must match GitHub OAuth App configuration)
+     */
+    redirectUri: string;
+    /**
+     * OAuth scopes to request
+     * @default ['read:user', 'user:email']
+     */
+    scopes?: string[];
+}
+/**
+ * GitHub OAuth2 authentication strategy.
+ *
+ * Note: GitHub may not include the user's email in the profile response.
+ * This strategy automatically fetches the primary email from the /user/emails
+ * endpoint when needed.
+ *
+ * @example
+ * ```typescript
+ * const hs = new Handshake({
+ *   findAccount: async (email) => db.accounts.findByEmail(email),
+ *   findOrCreateFromOAuth: async (provider, profile) => {
+ *     let account = await db.accounts.findByProviderId(provider, profile.id);
+ *     if (!account) {
+ *       account = await db.accounts.create({
+ *         email: profile.email,
+ *         name: profile.name,
+ *         providerId: profile.id,
+ *         provider,
+ *       });
+ *     }
+ *     return account;
+ *   },
+ * });
+ *
+ * hs.use(new GitHubStrategy({
+ *   clientId: process.env.GITHUB_CLIENT_ID!,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET!,
+ *   redirectUri: 'http://localhost:3000/auth/github/callback',
+ * }));
+ *
+ * // Routes
+ * app.get('/auth/github', async (req, res) => {
+ *   const result = await hs.authenticate('github', req, res, 'redirect');
+ *   if ('redirectUrl' in result) {
+ *     res.redirect(result.redirectUrl);
+ *   }
+ * });
+ *
+ * app.get('/auth/github/callback', async (req, res) => {
+ *   const result = await hs.authenticate('github', req, res, 'callback');
+ *   if (result.account) {
+ *     login(req, result.account);
+ *     res.redirect('/dashboard');
+ *   } else {
+ *     res.status(401).send(result.error);
+ *   }
+ * });
+ * ```
+ */
+export declare class GitHubStrategy<TAccount> extends OAuthStrategy<TAccount> {
+    constructor(options: GitHubStrategyOptions);
+    /**
+     * Map GitHub profile to standard OAuthProfile.
+     * Fetches email from /user/emails if not in profile.
+     */
+    protected mapProfile(data: unknown, accessToken: string): Promise<OAuthProfile>;
+    /**
+     * Fetch the user's primary email from GitHub's /user/emails endpoint.
+     */
+    private fetchPrimaryEmail;
+}
+//# sourceMappingURL=github.d.ts.map

package/dist/strategies/github.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../src/strategies/github.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,qBAAa,cAAc,CAAC,QAAQ,CAAE,SAAQ,aAAa,CAAC,QAAQ,CAAC;gBACvD,OAAO,EAAE,qBAAqB;IAc1C;;;OAGG;cACa,UAAU,CAAC,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAmBrF;;OAEG;YACW,iBAAiB;CAqBhC"}

package/dist/strategies/github.js

@@ -0,0 +1,110 @@
+import { OAuthStrategy } from './oauth-base.js';
+/**
+ * GitHub OAuth2 authentication strategy.
+ *
+ * Note: GitHub may not include the user's email in the profile response.
+ * This strategy automatically fetches the primary email from the /user/emails
+ * endpoint when needed.
+ *
+ * @example
+ * ```typescript
+ * const hs = new Handshake({
+ *   findAccount: async (email) => db.accounts.findByEmail(email),
+ *   findOrCreateFromOAuth: async (provider, profile) => {
+ *     let account = await db.accounts.findByProviderId(provider, profile.id);
+ *     if (!account) {
+ *       account = await db.accounts.create({
+ *         email: profile.email,
+ *         name: profile.name,
+ *         providerId: profile.id,
+ *         provider,
+ *       });
+ *     }
+ *     return account;
+ *   },
+ * });
+ *
+ * hs.use(new GitHubStrategy({
+ *   clientId: process.env.GITHUB_CLIENT_ID!,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET!,
+ *   redirectUri: 'http://localhost:3000/auth/github/callback',
+ * }));
+ *
+ * // Routes
+ * app.get('/auth/github', async (req, res) => {
+ *   const result = await hs.authenticate('github', req, res, 'redirect');
+ *   if ('redirectUrl' in result) {
+ *     res.redirect(result.redirectUrl);
+ *   }
+ * });
+ *
+ * app.get('/auth/github/callback', async (req, res) => {
+ *   const result = await hs.authenticate('github', req, res, 'callback');
+ *   if (result.account) {
+ *     login(req, result.account);
+ *     res.redirect('/dashboard');
+ *   } else {
+ *     res.status(401).send(result.error);
+ *   }
+ * });
+ * ```
+ */
+export class GitHubStrategy extends OAuthStrategy {
+    constructor(options) {
+        super({
+            name: 'github',
+            clientId: options.clientId,
+            clientSecret: options.clientSecret,
+            redirectUri: options.redirectUri,
+            authorizeUrl: 'https://github.com/login/oauth/authorize',
+            tokenUrl: 'https://github.com/login/oauth/access_token',
+            userInfoUrl: 'https://api.github.com/user',
+            scopes: options.scopes ?? ['read:user', 'user:email'],
+            stateCookieName: 'github_oauth_state',
+        });
+    }
+    /**
+     * Map GitHub profile to standard OAuthProfile.
+     * Fetches email from /user/emails if not in profile.
+     */
+    async mapProfile(data, accessToken) {
+        const profile = data;
+        // GitHub may not include email in the profile
+        // Fetch from /user/emails endpoint if needed
+        let email = profile.email;
+        if (!email) {
+            email = await this.fetchPrimaryEmail(accessToken);
+        }
+        return {
+            id: String(profile.id),
+            email: email ?? null,
+            name: profile.name ?? profile.login,
+            picture: profile.avatar_url ?? null,
+            raw: profile,
+        };
+    }
+    /**
+     * Fetch the user's primary email from GitHub's /user/emails endpoint.
+     */
+    async fetchPrimaryEmail(accessToken) {
+        try {
+            const response = await fetch('https://api.github.com/user/emails', {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    Accept: 'application/json',
+                    'User-Agent': 'handshake-auth',
+                },
+            });
+            if (!response.ok) {
+                return null;
+            }
+            const emails = (await response.json());
+            const primary = emails.find((e) => e.primary && e.verified);
+            return primary?.email ?? emails.find((e) => e.verified)?.email ?? null;
+        }
+        catch {
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=github.js.map

package/dist/strategies/github.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.js","sourceRoot":"","sources":["../../src/strategies/github.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAuDhD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,MAAM,OAAO,cAAyB,SAAQ,aAAuB;IACnE,YAAY,OAA8B;QACxC,KAAK,CAAC;YACJ,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,0CAA0C;YACxD,QAAQ,EAAE,6CAA6C;YACvD,WAAW,EAAE,6BAA6B;YAC1C,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC;YACrD,eAAe,EAAE,oBAAoB;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,UAAU,CAAC,IAAa,EAAE,WAAmB;QAC3D,MAAM,OAAO,GAAG,IAAqB,CAAC;QAEtC,8CAA8C;QAC9C,6CAA6C;QAC7C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;QACpD,CAAC;QAED,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACtB,KAAK,EAAE,KAAK,IAAI,IAAI;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,KAAK;YACnC,OAAO,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;YACnC,GAAG,EAAE,OAA6C;SACnD,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAAC,WAAmB;QACjD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE;gBACjE,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,WAAW,EAAE;oBACtC,MAAM,EAAE,kBAAkB;oBAC1B,YAAY,EAAE,gBAAgB;iBAC/B;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;YACxD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC5D,OAAO,OAAO,EAAE,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;QACzE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/strategies/google.d.ts

@@ -0,0 +1,91 @@
+import type { OAuthProfile } from '../types.js';
+import { OAuthStrategy } from './oauth-base.js';
+/**
+ * Google user profile from the userinfo endpoint.
+ */
+export interface GoogleProfile {
+    sub: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    email?: string;
+    email_verified?: boolean;
+    locale?: string;
+}
+/**
+ * Configuration options for Google OAuth strategy.
+ */
+export interface GoogleStrategyOptions {
+    /**
+     * Google OAuth client ID
+     */
+    clientId: string;
+    /**
+     * Google OAuth client secret
+     */
+    clientSecret: string;
+    /**
+     * Your callback URL (must match Google Cloud Console configuration)
+     */
+    redirectUri: string;
+    /**
+     * OAuth scopes to request
+     * @default ['openid', 'email', 'profile']
+     */
+    scopes?: string[];
+}
+/**
+ * Google OAuth2 authentication strategy using OpenID Connect.
+ *
+ * @example
+ * ```typescript
+ * const hs = new Handshake({
+ *   findAccount: async (email) => db.accounts.findByEmail(email),
+ *   findOrCreateFromOAuth: async (provider, profile) => {
+ *     let account = await db.accounts.findByProviderId(provider, profile.id);
+ *     if (!account) {
+ *       account = await db.accounts.create({
+ *         email: profile.email,
+ *         name: profile.name,
+ *         providerId: profile.id,
+ *         provider,
+ *       });
+ *     }
+ *     return account;
+ *   },
+ * });
+ *
+ * hs.use(new GoogleStrategy({
+ *   clientId: process.env.GOOGLE_CLIENT_ID!,
+ *   clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+ *   redirectUri: 'http://localhost:3000/auth/google/callback',
+ * }));
+ *
+ * // Routes
+ * app.get('/auth/google', async (req, res) => {
+ *   const result = await hs.authenticate('google', req, res, 'redirect');
+ *   if ('redirectUrl' in result) {
+ *     res.redirect(result.redirectUrl);
+ *   }
+ * });
+ *
+ * app.get('/auth/google/callback', async (req, res) => {
+ *   const result = await hs.authenticate('google', req, res, 'callback');
+ *   if (result.account) {
+ *     login(req, result.account);
+ *     res.redirect('/dashboard');
+ *   } else {
+ *     res.status(401).send(result.error);
+ *   }
+ * });
+ * ```
+ */
+export declare class GoogleStrategy<TAccount> extends OAuthStrategy<TAccount> {
+    constructor(options: GoogleStrategyOptions);
+    /**
+     * Map Google profile to standard OAuthProfile.
+     */
+    protected mapProfile(data: unknown, accessToken: string): OAuthProfile;
+}
+//# sourceMappingURL=google.d.ts.map

package/dist/strategies/google.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../src/strategies/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,qBAAa,cAAc,CAAC,QAAQ,CAAE,SAAQ,aAAa,CAAC,QAAQ,CAAC;gBACvD,OAAO,EAAE,qBAAqB;IAc1C;;OAEG;IAEH,SAAS,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,GAAG,YAAY;CAUvE"}

package/dist/strategies/google.js

@@ -0,0 +1,77 @@
+import { OAuthStrategy } from './oauth-base.js';
+/**
+ * Google OAuth2 authentication strategy using OpenID Connect.
+ *
+ * @example
+ * ```typescript
+ * const hs = new Handshake({
+ *   findAccount: async (email) => db.accounts.findByEmail(email),
+ *   findOrCreateFromOAuth: async (provider, profile) => {
+ *     let account = await db.accounts.findByProviderId(provider, profile.id);
+ *     if (!account) {
+ *       account = await db.accounts.create({
+ *         email: profile.email,
+ *         name: profile.name,
+ *         providerId: profile.id,
+ *         provider,
+ *       });
+ *     }
+ *     return account;
+ *   },
+ * });
+ *
+ * hs.use(new GoogleStrategy({
+ *   clientId: process.env.GOOGLE_CLIENT_ID!,
+ *   clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+ *   redirectUri: 'http://localhost:3000/auth/google/callback',
+ * }));
+ *
+ * // Routes
+ * app.get('/auth/google', async (req, res) => {
+ *   const result = await hs.authenticate('google', req, res, 'redirect');
+ *   if ('redirectUrl' in result) {
+ *     res.redirect(result.redirectUrl);
+ *   }
+ * });
+ *
+ * app.get('/auth/google/callback', async (req, res) => {
+ *   const result = await hs.authenticate('google', req, res, 'callback');
+ *   if (result.account) {
+ *     login(req, result.account);
+ *     res.redirect('/dashboard');
+ *   } else {
+ *     res.status(401).send(result.error);
+ *   }
+ * });
+ * ```
+ */
+export class GoogleStrategy extends OAuthStrategy {
+    constructor(options) {
+        super({
+            name: 'google',
+            clientId: options.clientId,
+            clientSecret: options.clientSecret,
+            redirectUri: options.redirectUri,
+            authorizeUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
+            tokenUrl: 'https://oauth2.googleapis.com/token',
+            userInfoUrl: 'https://openidconnect.googleapis.com/v1/userinfo',
+            scopes: options.scopes ?? ['openid', 'email', 'profile'],
+            stateCookieName: 'google_oauth_state',
+        });
+    }
+    /**
+     * Map Google profile to standard OAuthProfile.
+     */
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    mapProfile(data, accessToken) {
+        const profile = data;
+        return {
+            id: profile.sub,
+            email: profile.email ?? null,
+            name: profile.name ?? null,
+            picture: profile.picture ?? null,
+            raw: profile,
+        };
+    }
+}
+//# sourceMappingURL=google.js.map

package/dist/strategies/google.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/strategies/google.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AA0ChD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,MAAM,OAAO,cAAyB,SAAQ,aAAuB;IACnE,YAAY,OAA8B;QACxC,KAAK,CAAC;YACJ,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,8CAA8C;YAC5D,QAAQ,EAAE,qCAAqC;YAC/C,WAAW,EAAE,kDAAkD;YAC/D,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;YACxD,eAAe,EAAE,oBAAoB;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,6DAA6D;IACnD,UAAU,CAAC,IAAa,EAAE,WAAmB;QACrD,MAAM,OAAO,GAAG,IAAqB,CAAC;QACtC,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;YAC5B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;YAC1B,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,IAAI;YAChC,GAAG,EAAE,OAA6C;SACnD,CAAC;IACJ,CAAC;CACF"}

package/dist/strategies/index.d.ts

@@ -1,2 +1,18 @@
 export { PasswordStrategy } from './password.js';
+export type { PasswordStrategyOptions } from './password.js';
+export { UsernamePasswordStrategy } from './username-password.js';
+export { MagicLinkStrategy, MagicLinkSendStrategy, MagicLinkVerifyStrategy, useMagicLink, } from './magic-link.js';
+export type { MagicLinkOptions, MagicLinkSendResult } from './magic-link.js';
+export { OAuthStrategy, isOAuthRedirect } from './oauth-base.js';
+export type { OAuthConfig, OAuthRedirectResult, OAuthTokenResponse, OAuthAuthResult, } from './oauth-base.js';
+export { GoogleStrategy } from './google.js';
+export type { GoogleProfile, GoogleStrategyOptions } from './google.js';
+export { GitHubStrategy } from './github.js';
+export type { GitHubProfile, GitHubEmail, GitHubStrategyOptions } from './github.js';
+export { DiscordStrategy } from './discord.js';
+export type { DiscordProfile, DiscordStrategyOptions } from './discord.js';
+export { MicrosoftStrategy } from './microsoft.js';
+export type { MicrosoftProfile, MicrosoftTenant, MicrosoftStrategyOptions } from './microsoft.js';
+export { TwitterXStrategy } from './twitter-x.js';
+export type { TwitterXProfile, TwitterXStrategyOptions } from './twitter-x.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/strategies/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,YAAY,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,YAAY,GACb,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAG7E,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACjE,YAAY,EACV,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,GAChB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,YAAY,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAExE,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAErF,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,YAAY,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAE3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAElG,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,YAAY,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/strategies/index.js

@@ -1,2 +1,12 @@
 export { PasswordStrategy } from './password.js';
+export { UsernamePasswordStrategy } from './username-password.js';
+export { MagicLinkStrategy, MagicLinkSendStrategy, MagicLinkVerifyStrategy, useMagicLink, } from './magic-link.js';
+// OAuth base
+export { OAuthStrategy, isOAuthRedirect } from './oauth-base.js';
+// OAuth providers
+export { GoogleStrategy } from './google.js';
+export { GitHubStrategy } from './github.js';
+export { DiscordStrategy } from './discord.js';
+export { MicrosoftStrategy } from './microsoft.js';
+export { TwitterXStrategy } from './twitter-x.js';
 //# sourceMappingURL=index.js.map

package/dist/strategies/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/strategies/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEjD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,YAAY,GACb,MAAM,iBAAiB,CAAC;AAGzB,aAAa;AACb,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAQjE,kBAAkB;AAClB,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAG/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC"}