honertia 0.1.2 → 0.1.4

package/dist/effect/auth.js

@@ -5,9 +5,10 @@
  */
 import { Effect, Layer, Option } from 'effect';
 import { AuthUserService, AuthService, HonertiaService, RequestService } from './services.js';
-import { UnauthorizedError } from './errors.js';
+import { UnauthorizedError, ValidationError } from './errors.js';
 import { effectRoutes } from './routing.js';
 import { render } from './responses.js';
+import { validateRequest } from './validation.js';
 /**
  * Layer that requires an authenticated user.
  * Fails with UnauthorizedError if no user is present.
@@ -101,39 +102,65 @@ export function shareAuthMiddleware() {
  * effectAuthRoutes(app, {
  *   loginComponent: 'Auth/Login',
  *   registerComponent: 'Auth/Register',
+ *   loginAction: loginUser,
+ *   registerAction: registerUser,
  * })
  */
 export function effectAuthRoutes(app, config = {}) {
-    const { loginPath = '/login', registerPath = '/register', logoutPath = '/logout', apiPath = '/api/auth', logoutRedirect = '/login', loginComponent = 'Auth/Login', registerComponent = 'Auth/Register', } = config;
+    const { loginPath = '/login', registerPath = '/register', logoutPath = '/logout', apiPath = '/api/auth', logoutRedirect = '/login', loginRedirect = '/', loginComponent = 'Auth/Login', registerComponent = 'Auth/Register', } = config;
     const routes = effectRoutes(app);
     // Login page (guest only)
     routes.get(loginPath, Effect.gen(function* () {
-        yield* requireGuest(loginPath === '/login' ? '/' : loginPath);
+        yield* requireGuest(loginRedirect);
         return yield* render(loginComponent);
     }));
     // Register page (guest only)
     routes.get(registerPath, Effect.gen(function* () {
-        yield* requireGuest(registerPath === '/register' ? '/' : registerPath);
+        yield* requireGuest(loginRedirect);
         return yield* render(registerComponent);
     }));
-    // Logout (POST)
-    routes.post(logoutPath, Effect.gen(function* () {
-        const auth = yield* AuthService;
-        const request = yield* RequestService;
-        // Revoke session server-side
-        yield* Effect.tryPromise(() => auth.api.signOut({
-            headers: request.headers,
+    // Login action (POST) - guest only
+    if (config.loginAction) {
+        routes
+            .provide(RequireGuestLayer)
+            .post(loginPath, config.loginAction);
+    }
+    // Register action (POST) - guest only
+    if (config.registerAction) {
+        routes
+            .provide(RequireGuestLayer)
+            .post(registerPath, config.registerAction);
+    }
+    // Logout (POST) - use provided action or default
+    if (config.logoutAction) {
+        routes.post(logoutPath, config.logoutAction);
+    }
+    else {
+        routes.post(logoutPath, Effect.gen(function* () {
+            const auth = yield* AuthService;
+            const request = yield* RequestService;
+            // Revoke session server-side
+            yield* Effect.tryPromise(() => auth.api.signOut({
+                headers: request.headers,
+            }));
+            // Clear cookie and redirect
+            const sessionCookie = config.sessionCookie ?? 'better-auth.session_token';
+            return new Response(null, {
+                status: 303,
+                headers: {
+                    'Location': logoutRedirect,
+                    'Set-Cookie': `${sessionCookie}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax`,
+                },
+            });
         }));
-        // Clear cookie and redirect
-        const sessionCookie = config.sessionCookie ?? 'better-auth.session_token';
-        return new Response(null, {
-            status: 303,
-            headers: {
-                'Location': logoutRedirect,
-                'Set-Cookie': `${sessionCookie}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax`,
-            },
-        });
-    }));
+    }
+    // Additional guest-only actions (2FA, forgot password, etc.)
+    if (config.guestActions) {
+        const guestRoutes = routes.provide(RequireGuestLayer);
+        for (const [path, action] of Object.entries(config.guestActions)) {
+            guestRoutes.post(path, action);
+        }
+    }
     // Better-auth API handler (handles sign-in, sign-up, etc.)
     // Apply CORS if configured
     if (config.cors) {
@@ -202,3 +229,146 @@ export function loadUser(config = {}) {
         await next();
     };
 }
+/**
+ * Create a better-auth form action with Honertia-friendly responses.
+ *
+ * Copies Set-Cookie headers from better-auth and redirects with 303.
+ * Maps errors into ValidationError so the standard error handler can render.
+ */
+export function betterAuthFormAction(config) {
+    return Effect.gen(function* () {
+        const auth = yield* AuthService;
+        const request = yield* RequestService;
+        const input = yield* validateRequest(config.schema, {
+            errorComponent: config.errorComponent,
+        });
+        const result = yield* Effect.tryPromise({
+            try: () => config.call(auth, input, buildAuthRequest(request)),
+            catch: (error) => error,
+        }).pipe(Effect.mapError((error) => new ValidationError({
+            errors: (config.errorMapper ?? defaultAuthErrorMapper)(error),
+            component: config.errorComponent,
+        })));
+        const redirectTo = resolveRedirect(config.redirectTo, input, result);
+        const responseHeaders = new Headers({ Location: redirectTo });
+        const resultHeaders = getHeaders(result);
+        if (resultHeaders) {
+            appendSetCookies(responseHeaders, resultHeaders);
+        }
+        return new Response(null, {
+            status: 303,
+            headers: responseHeaders,
+        });
+    });
+}
+/**
+ * Create a better-auth logout action that clears cookies and redirects.
+ */
+export function betterAuthLogoutAction(config = {}) {
+    return Effect.gen(function* () {
+        const auth = yield* AuthService;
+        const request = yield* RequestService;
+        const result = yield* Effect.tryPromise({
+            try: () => auth.api.signOut({
+                headers: request.headers,
+                request: buildAuthRequest(request),
+                returnHeaders: true,
+            }),
+            catch: () => undefined,
+        }).pipe(Effect.catchAll(() => Effect.succeed(undefined)));
+        const responseHeaders = new Headers({
+            Location: config.redirectTo ?? '/login',
+        });
+        const resultHeaders = getHeaders(result);
+        if (resultHeaders) {
+            appendSetCookies(responseHeaders, resultHeaders);
+        }
+        if (!responseHeaders.has('set-cookie')) {
+            appendLogoutCookies(responseHeaders, config.cookieNames);
+        }
+        return new Response(null, {
+            status: 303,
+            headers: responseHeaders,
+        });
+    });
+}
+function buildAuthRequest(request) {
+    return new Request(request.url, {
+        method: request.method,
+        headers: request.headers,
+    });
+}
+function resolveRedirect(target, input, result) {
+    if (typeof target === 'function') {
+        return target(input, result);
+    }
+    return target ?? '/';
+}
+function getHeaders(result) {
+    if (!result)
+        return undefined;
+    if (result instanceof Headers)
+        return result;
+    if (result instanceof Response)
+        return result.headers;
+    if (typeof result === 'object' && 'headers' in result && result.headers) {
+        return coerceHeaders(result.headers);
+    }
+    return undefined;
+}
+function coerceHeaders(value) {
+    return value instanceof Headers ? value : new Headers(value);
+}
+function defaultAuthErrorMapper(error) {
+    const message = getAuthErrorMessage(error) ?? 'Unable to complete request. Please try again.';
+    return { form: message };
+}
+function getAuthErrorMessage(error) {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const candidate = error;
+    if (typeof candidate.body?.message === 'string')
+        return candidate.body.message;
+    if (typeof candidate.message === 'string')
+        return candidate.message;
+    return undefined;
+}
+function appendSetCookies(target, source) {
+    const sourceWithSetCookie = source;
+    if (typeof sourceWithSetCookie.getSetCookie === 'function') {
+        for (const cookie of sourceWithSetCookie.getSetCookie()) {
+            target.append('set-cookie', cookie);
+        }
+        return;
+    }
+    const setCookie = source.get('set-cookie');
+    if (!setCookie) {
+        return;
+    }
+    // Split on cookie boundaries without breaking Expires attributes.
+    const parts = setCookie
+        .split(/,(?=[^;]+?=)/g)
+        .map((part) => part.trim())
+        .filter(Boolean);
+    for (const cookie of parts) {
+        target.append('set-cookie', cookie);
+    }
+}
+function appendExpiredCookie(target, name, options = {}) {
+    const base = `${name}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax`;
+    const value = options.secure ? `${base}; Secure` : base;
+    target.append('set-cookie', value);
+}
+function appendLogoutCookies(target, cookieNames) {
+    const defaults = [
+        'better-auth.session_token',
+        'better-auth.session_data',
+        'better-auth.account_data',
+        'better-auth.dont_remember',
+    ];
+    const names = cookieNames?.length ? cookieNames : defaults;
+    for (const name of names) {
+        appendExpiredCookie(target, name);
+        appendExpiredCookie(target, `__Secure-${name}`, { secure: true });
+    }
+}

package/dist/effect/index.d.ts

@@ -9,8 +9,8 @@ export * from './schema.js';
 export { getValidationData, formatSchemaErrors, validate, validateRequest, } from './validation.js';
 export { effectBridge, buildContextLayer, getEffectRuntime, type EffectBridgeConfig, } from './bridge.js';
 export { effectHandler, effect, handle, errorToResponse, } from './handler.js';
-export { effectAction, dbAction, authAction, simpleAction, injectUser, dbOperation, prepareData, preparedAction, } from './action.js';
+export { action, authorize, dbTransaction, } from './action.js';
 export { redirect, render, renderWithErrors, json, text, notFound, forbidden, httpError, prefersJson, jsonOrRender, share, } from './responses.js';
 export { EffectRouteBuilder, effectRoutes, type EffectHandler, type BaseServices, } from './routing.js';
-export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, loadUser, type AuthRoutesConfig, } from './auth.js';
+export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, betterAuthFormAction, betterAuthLogoutAction, loadUser, type AuthRoutesConfig, type BetterAuthFormActionConfig, type BetterAuthLogoutConfig, type BetterAuthActionResult, } from './auth.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/effect/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/effect/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,eAAe,EACf,WAAW,EACX,eAAe,EACf,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAA;AAGtB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,SAAS,EACT,QAAQ,EACR,KAAK,QAAQ,GACd,MAAM,aAAa,CAAA;AAGpB,cAAc,aAAa,CAAA;AAG3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,QAAQ,EACR,eAAe,GAChB,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,kBAAkB,GACxB,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,aAAa,EACb,MAAM,EACN,MAAM,EACN,eAAe,GAChB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,UAAU,EACV,WAAW,EACX,WAAW,EACX,cAAc,GACf,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,SAAS,EACT,SAAS,EACT,WAAW,EACX,YAAY,EACZ,KAAK,GACN,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EACL,kBAAkB,EAClB,YAAY,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,QAAQ,EACR,KAAK,gBAAgB,GACtB,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/effect/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,eAAe,EACf,WAAW,EACX,eAAe,EACf,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAA;AAGtB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,SAAS,EACT,QAAQ,EACR,KAAK,QAAQ,GACd,MAAM,aAAa,CAAA;AAGpB,cAAc,aAAa,CAAA;AAG3B,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,QAAQ,EACR,eAAe,GAChB,MAAM,iBAAiB,CAAA;AAGxB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,kBAAkB,GACxB,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,aAAa,EACb,MAAM,EACN,MAAM,EACN,eAAe,GAChB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,MAAM,EACN,SAAS,EACT,aAAa,GACd,MAAM,aAAa,CAAA;AAGpB,OAAO,EACL,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,SAAS,EACT,SAAS,EACT,WAAW,EACX,YAAY,EACZ,KAAK,GACN,MAAM,gBAAgB,CAAA;AAGvB,OAAO,EACL,kBAAkB,EAClB,YAAY,EACZ,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,QAAQ,EACR,KAAK,gBAAgB,EACrB,KAAK,0BAA0B,EAC/B,KAAK,sBAAsB,EAC3B,KAAK,sBAAsB,GAC5B,MAAM,WAAW,CAAA"}

package/dist/effect/index.js

@@ -15,11 +15,11 @@ export { getValidationData, formatSchemaErrors, validate, validateRequest, } fro
 export { effectBridge, buildContextLayer, getEffectRuntime, } from './bridge.js';
 // Handler
 export { effectHandler, effect, handle, errorToResponse, } from './handler.js';
-// Action Factories
-export { effectAction, dbAction, authAction, simpleAction, injectUser, dbOperation, prepareData, preparedAction, } from './action.js';
+// Action Composables
+export { action, authorize, dbTransaction, } from './action.js';
 // Response Helpers
 export { redirect, render, renderWithErrors, json, text, notFound, forbidden, httpError, prefersJson, jsonOrRender, share, } from './responses.js';
 // Routing
 export { EffectRouteBuilder, effectRoutes, } from './routing.js';
 // Auth
-export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, loadUser, } from './auth.js';
+export { RequireAuthLayer, RequireGuestLayer, isAuthenticated, currentUser, requireAuth, requireGuest, shareAuth, shareAuthMiddleware, effectAuthRoutes, betterAuthFormAction, betterAuthLogoutAction, loadUser, } from './auth.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "honertia",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Inertia.js-style server-driven SPA adapter for Hono",
   "type": "module",
   "main": "./dist/index.js",