kavachos 0.1.3 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/index.js +35 -3
- package/dist/auth/index.js.map +1 -1
- package/dist/index.js +35 -3
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/auth/index.js
CHANGED
|
@@ -5018,7 +5018,7 @@ function createOAuthModule(db, config) {
|
|
|
5018
5018
|
throw new Error("OAuth callback: state has expired. Restart the authorization flow.");
|
|
5019
5019
|
}
|
|
5020
5020
|
await db.delete(oauthStates).where(eq(oauthStates.state, state));
|
|
5021
|
-
const tokens = await provider.exchangeCode(stateRow.codeVerifier,
|
|
5021
|
+
const tokens = await provider.exchangeCode(code, stateRow.codeVerifier, redirectUri);
|
|
5022
5022
|
const userInfo = await provider.getUserInfo(tokens.accessToken);
|
|
5023
5023
|
const existingRows = await db.select().from(oauthAccounts).where(
|
|
5024
5024
|
and(
|
|
@@ -5128,8 +5128,6 @@ function createOAuthModule(db, config) {
|
|
|
5128
5128
|
pruneExpiredStates
|
|
5129
5129
|
};
|
|
5130
5130
|
}
|
|
5131
|
-
|
|
5132
|
-
// src/auth/oauth/plugin.ts
|
|
5133
5131
|
function jsonResponse10(body, status = 200) {
|
|
5134
5132
|
return new Response(JSON.stringify(body), {
|
|
5135
5133
|
status,
|
|
@@ -5148,6 +5146,8 @@ function oauth(config) {
|
|
|
5148
5146
|
async init(ctx) {
|
|
5149
5147
|
const module = createOAuthModule(ctx.db, config);
|
|
5150
5148
|
const baseUrl = ctx.config.baseUrl ?? "";
|
|
5149
|
+
const sessionConfig = ctx.config.auth?.session;
|
|
5150
|
+
const sessionManager = sessionConfig ? createSessionManager(sessionConfig, ctx.db) : null;
|
|
5151
5151
|
const authorizeLimiter = createRateLimiter({ max: 20, window: 60 });
|
|
5152
5152
|
function getRedirectUri(provider) {
|
|
5153
5153
|
if (config.buildRedirectUri) {
|
|
@@ -5198,6 +5198,38 @@ function oauth(config) {
|
|
|
5198
5198
|
const redirectUri = getRedirectUri(provider);
|
|
5199
5199
|
try {
|
|
5200
5200
|
const result = await module.handleCallback(provider, code, state, redirectUri);
|
|
5201
|
+
const email = result.userInfo.email;
|
|
5202
|
+
let userId = result.account.userId;
|
|
5203
|
+
if (userId === "__pending__" && email && ctx.db) {
|
|
5204
|
+
const existing = await ctx.db.select().from(users).where(eq(users.email, email));
|
|
5205
|
+
if (existing[0]) {
|
|
5206
|
+
userId = existing[0].id;
|
|
5207
|
+
} else {
|
|
5208
|
+
const newId = crypto.randomUUID();
|
|
5209
|
+
await ctx.db.insert(users).values({
|
|
5210
|
+
id: newId,
|
|
5211
|
+
email,
|
|
5212
|
+
name: result.userInfo.name ?? null,
|
|
5213
|
+
externalProvider: `oauth:${provider}`,
|
|
5214
|
+
externalId: result.userInfo.id,
|
|
5215
|
+
emailVerified: 1,
|
|
5216
|
+
createdAt: /* @__PURE__ */ new Date(),
|
|
5217
|
+
updatedAt: /* @__PURE__ */ new Date()
|
|
5218
|
+
});
|
|
5219
|
+
userId = newId;
|
|
5220
|
+
}
|
|
5221
|
+
await module.linkAccount(userId, provider, result.userInfo, {
|
|
5222
|
+
accessToken: result.account.accessToken,
|
|
5223
|
+
refreshToken: result.account.refreshToken ?? void 0,
|
|
5224
|
+
tokenType: "Bearer",
|
|
5225
|
+
raw: {}
|
|
5226
|
+
});
|
|
5227
|
+
}
|
|
5228
|
+
if (sessionManager && userId !== "__pending__") {
|
|
5229
|
+
const { session, token } = await sessionManager.create(userId);
|
|
5230
|
+
const callbackUrl = `${baseUrl}/?session=${encodeURIComponent(JSON.stringify({ token, user: { id: userId, email }, expiresAt: session.expiresAt }))}`;
|
|
5231
|
+
return redirectResponse(callbackUrl);
|
|
5232
|
+
}
|
|
5201
5233
|
return jsonResponse10({
|
|
5202
5234
|
isNewAccount: result.isNewAccount,
|
|
5203
5235
|
account: result.account,
|