npm - mates-auth - Versions diffs - 1.0.0-beta.1 - Mend

mates-auth 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { useJWT, auth, type AuthDuration, type AuthClaims, type AuthContext, type JWTOptions, type AuthLoginOptions, } from "./use-jwt.js";
+export { useArctic, arcticProvider, listArcticProviders, type ArcticBuiltInProvider, type ArcticTokenSet, type ArcticProfile, type ArcticProviderConfig, type ArcticProvidersConfig, type ArcticSuccessHandler, type ArcticUseOptions, type ArcticProviderHandler, type ArcticCustomProvider, type ArcticProfileLoader, } from "./use-arctic.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,IAAI,EACJ,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,gBAAgB,GACtB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,SAAS,EACT,cAAc,EACd,mBAAmB,EACnB,KAAK,qBAAqB,EAC1B,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,iBAAiB,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export { useJWT, auth, } from "./use-jwt.js";
+export { useArctic, arcticProvider, listArcticProviders, } from "./use-arctic.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,IAAI,GAML,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,SAAS,EACT,cAAc,EACd,mBAAmB,GAWpB,MAAM,iBAAiB,CAAC"}

package/dist/sso.d.ts ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * mates-fullstack-auth — sso.ts
+ *
+ * Optional cross-domain SSO middleware.
+ *
+ * Setup:
+ *   Auth server (auth.com):  useSsoProvider({ secret, login: "/login" })
+ *   App server  (app1.com):  useSsoClient({ authUrl, secret, protected: ["/dashboard"] })
+ *
+ * Flow:
+ *   app1.com/dashboard  →  auth.com/api/sso/code?redirect=...  →  login (if needed)
+ *                        →  code JWT  →  app1.com/auth/sso/callback  →  auth.login()
+ */
+export interface SsoProviderOptions {
+    /**
+     * Shared secret between auth server and app servers.
+     * Used to sign and verify the short-lived code JWTs.
+     */
+    secret: string;
+    /**
+     * Path to the login page on the auth server.
+     * Unauthenticated users are redirected here with a `?next` param
+     * so they return to `/api/sso/code` after login.
+     * @default "/login"
+     */
+    login?: string;
+    /**
+     * Lifetime of the code JWT in seconds.
+     * @default 30
+     */
+    codeLifetime?: number;
+    /**
+     * Allowed redirect origins for the `redirect` parameter.
+     * Only URLs starting with these prefixes are accepted.
+     * Must include the protocol (e.g. "https://app1.com").
+     * When unset, only relative paths (starting with `/`) are allowed.
+     */
+    allowedOrigins?: string[];
+}
+export interface SsoClientOptions {
+    /**
+     * Base URL of the auth server (e.g. "https://auth.com").
+     */
+    authUrl: string;
+    /**
+     * Shared secret — must match exactly what the auth server uses.
+     */
+    secret: string;
+    /**
+     * Paths that require authentication.
+     * Unauthenticated visitors are redirected to the auth server.
+     * @default []
+     */
+    protected?: string[];
+    /**
+     * Where to redirect after a successful SSO login.
+     * @default "/"
+     */
+    afterLogin?: string;
+}
+/**
+ * Register SSO provider endpoints on the auth server.
+ *
+ * Creates:
+ *   GET /api/sso/code         — generates a code JWT if authenticated
+ *   GET /api/sso/after-login  — where the login page redirects after auth
+ *
+ * @example
+ * useSsoProvider({
+ *   secret: process.env.SSO_SECRET!,
+ *   login: "/login",
+ * });
+ */
+export declare function useSsoProvider(options: SsoProviderOptions): void;
+/**
+ * Register SSO client endpoints and guarded routes on an app server.
+ *
+ * Creates:
+ *   GET /auth/sso/callback  — verifies the code JWT, calls auth.login()
+ *   onRequest guard     — redirects protected routes to the auth server
+ *
+ * @example
+ * useSsoClient({
+ *   authUrl: "https://auth.com",
+ *   secret: process.env.SSO_SECRET!,
+ *   protected: ["/dashboard", "/settings"],
+ * });
+ */
+export declare function useSsoClient(options: SsoClientOptions): void;
+//# sourceMappingURL=sso.d.ts.map

package/dist/sso.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sso.d.ts","sourceRoot":"","sources":["../src/sso.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAQH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AA4CD;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI,CA0HhE;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAoH5D"}

package/dist/sso.js ADDED Viewed

@@ -0,0 +1,303 @@
+/**
+ * mates-fullstack-auth — sso.ts
+ *
+ * Optional cross-domain SSO middleware.
+ *
+ * Setup:
+ *   Auth server (auth.com):  useSsoProvider({ secret, login: "/login" })
+ *   App server  (app1.com):  useSsoClient({ authUrl, secret, protected: ["/dashboard"] })
+ *
+ * Flow:
+ *   app1.com/dashboard  →  auth.com/api/sso/code?redirect=...  →  login (if needed)
+ *                        →  code JWT  →  app1.com/auth/sso/callback  →  auth.login()
+ */
+import crypto from "node:crypto";
+import { onRequest, jwt } from "mates-fullstack";
+import { auth } from "./use-jwt.js";
+// ─── Cookie helpers (internal, temporary) ─────────────────────────────────────
+const SSO_REDIRECT_COOKIE = "sso_redirect";
+const SSO_AFTER_LOGIN_COOKIE = "sso_after_login";
+const SSO_CODE_PARAM = "code";
+function _setTempCookie(ctx, name, value, path) {
+    ctx.cookie.set(name, value, {
+        httpOnly: true,
+        sameSite: "lax",
+        path,
+        maxAge: 300, // 5 min
+        secure: process.env.NODE_ENV === "production",
+    });
+}
+function _clearTempCookie(ctx, name, path) {
+    ctx.cookie.delete(name, { path });
+}
+/**
+ * Resolve the public origin for the current request.
+ * Used by the client to build the callback URL for the auth server.
+ */
+function _publicOrigin(req) {
+    const url = new URL(req.url);
+    const host = req.headers.get("x-forwarded-host") ?? url.host;
+    const proto = req.headers.get("x-forwarded-proto") ?? url.protocol.slice(0, -1);
+    return `${proto}://${host}`;
+}
+// ─── Provider side (auth.com) ────────────────────────────────────────────────
+const SSO_CODE_PATH = "/api/sso/code";
+const SSO_AFTER_LOGIN_PATH = "/api/sso/after-login";
+/**
+ * Register SSO provider endpoints on the auth server.
+ *
+ * Creates:
+ *   GET /api/sso/code         — generates a code JWT if authenticated
+ *   GET /api/sso/after-login  — where the login page redirects after auth
+ *
+ * @example
+ * useSsoProvider({
+ *   secret: process.env.SSO_SECRET!,
+ *   login: "/login",
+ * });
+ */
+export function useSsoProvider(options) {
+    const secret = options.secret;
+    if (!secret || secret.length < 8) {
+        throw new Error("useSsoProvider: secret must be at least 8 characters.");
+    }
+    const login = options.login ?? "/login";
+    const codeLifetime = options.codeLifetime ?? 30;
+    const tokens = jwt(secret);
+    onRequest(async (c) => {
+        const url = new URL(c.req.raw.url);
+        const pathname = url.pathname;
+        // ── Entry: GET /api/sso/code?redirect=... ──────────────────────────────
+        if (pathname === SSO_CODE_PATH) {
+            if (c.req.method !== "GET") {
+                return new Response(JSON.stringify({ error: "Method not allowed" }), {
+                    status: 405,
+                    headers: { "content-type": "application/json" },
+                });
+            }
+            const redirect = url.searchParams.get("redirect");
+            if (!redirect) {
+                return new Response(JSON.stringify({ error: 'Missing "redirect" parameter' }), { status: 400, headers: { "content-type": "application/json" } });
+            }
+            if (!_isValidRedirect(redirect, options.allowedOrigins)) {
+                return new Response(JSON.stringify({ error: "Invalid redirect target" }), { status: 400, headers: { "content-type": "application/json" } });
+            }
+            // Store the redirect target in a cookie so it survives login redirect
+            _setTempCookie(c, SSO_REDIRECT_COOKIE, redirect, SSO_CODE_PATH);
+            _setTempCookie(c, SSO_AFTER_LOGIN_COOKIE, redirect, SSO_AFTER_LOGIN_PATH);
+            const userId = (c.auth?.sub ?? c.auth?.userId);
+            if (!userId) {
+                // Not authenticated — redirect to login page
+                const next = encodeURIComponent(SSO_CODE_PATH);
+                const loginUrl = `${login}?next=${next}`;
+                return new Response(null, {
+                    status: 302,
+                    headers: { location: loginUrl },
+                });
+            }
+            // Authenticated — generate a short-lived code JWT and redirect
+            let aud;
+            try {
+                aud = new URL(redirect).origin;
+            }
+            catch { }
+            const code = await tokens.sign({
+                sub: userId,
+                ..._pickClaims(c.auth ?? {}),
+                jti: crypto.randomUUID(),
+                ...(aud ? { aud } : {}),
+            }, { expiresIn: codeLifetime });
+            _clearTempCookie(c, SSO_REDIRECT_COOKIE, SSO_CODE_PATH);
+            _clearTempCookie(c, SSO_AFTER_LOGIN_COOKIE, SSO_AFTER_LOGIN_PATH);
+            const stateParam = url.searchParams.get("state") || "";
+            const separator = redirect.includes("?") ? "&" : "?";
+            const location = `${redirect}${separator}${SSO_CODE_PARAM}=${code}${stateParam ? `&state=${encodeURIComponent(stateParam)}` : ""}`;
+            return new Response(null, { status: 302, headers: { location } });
+        }
+        // ── After login: GET /api/sso/after-login ──────────────────────────────
+        if (pathname === SSO_AFTER_LOGIN_PATH) {
+            if (c.req.method !== "GET") {
+                return new Response(JSON.stringify({ error: "Method not allowed" }), {
+                    status: 405,
+                    headers: { "content-type": "application/json" },
+                });
+            }
+            const redirect = c.cookie.get(SSO_AFTER_LOGIN_COOKIE) ??
+                c.cookie.get(SSO_REDIRECT_COOKIE);
+            _clearTempCookie(c, SSO_AFTER_LOGIN_COOKIE, SSO_AFTER_LOGIN_PATH);
+            const userId = (c.auth?.sub ?? c.auth?.userId);
+            if (!userId) {
+                const loginUrl = `${login}?next=${encodeURIComponent(SSO_AFTER_LOGIN_PATH)}`;
+                return new Response(null, {
+                    status: 302,
+                    headers: { location: loginUrl },
+                });
+            }
+            if (redirect) {
+                let aud;
+                try {
+                    aud = new URL(redirect).origin;
+                }
+                catch { }
+                const code = await tokens.sign({
+                    sub: userId,
+                    ..._pickClaims(c.auth ?? {}),
+                    jti: crypto.randomUUID(),
+                    ...(aud ? { aud } : {}),
+                }, { expiresIn: codeLifetime });
+                const location = `${redirect}${redirect.includes("?") ? "&" : "?"}${SSO_CODE_PARAM}=${code}`;
+                return new Response(null, { status: 302, headers: { location } });
+            }
+            // No redirect stored — go to home
+            return new Response(null, { status: 302, headers: { location: "/" } });
+        }
+    });
+}
+// ─── Client side (app1.com, app2.com) ─────────────────────────────────────────
+const SSO_CALLBACK_PATH = "/auth/sso/callback";
+/**
+ * Register SSO client endpoints and guarded routes on an app server.
+ *
+ * Creates:
+ *   GET /auth/sso/callback  — verifies the code JWT, calls auth.login()
+ *   onRequest guard     — redirects protected routes to the auth server
+ *
+ * @example
+ * useSsoClient({
+ *   authUrl: "https://auth.com",
+ *   secret: process.env.SSO_SECRET!,
+ *   protected: ["/dashboard", "/settings"],
+ * });
+ */
+export function useSsoClient(options) {
+    const { authUrl, secret, afterLogin } = options;
+    const protectedPaths = options.protected ?? [];
+    if (!secret || secret.length < 8) {
+        throw new Error("useSsoClient: secret must be at least 8 characters.");
+    }
+    if (!authUrl) {
+        throw new Error("useSsoClient: authUrl is required.");
+    }
+    const tokens = jwt(secret);
+    const _consumedJtis = new Set();
+    // ── Callback: GET /auth/sso/callback?code=... ────────────────────────────
+    onRequest(async (c) => {
+        const url = new URL(c.req.raw.url);
+        if (url.pathname !== SSO_CALLBACK_PATH)
+            return;
+        const code = url.searchParams.get(SSO_CODE_PARAM);
+        const next = url.searchParams.get("next");
+        if (!code) {
+            return new Response(JSON.stringify({ error: `Missing "${SSO_CODE_PARAM}" parameter` }), { status: 400, headers: { "content-type": "application/json" } });
+        }
+        // Verify the code JWT — ensures it was signed by the auth server
+        const payload = await tokens.verify(code);
+        if (!payload) {
+            return new Response(JSON.stringify({ error: "Invalid or expired code" }), { status: 401, headers: { "content-type": "application/json" } });
+        }
+        // Replay protection — reject reused JTIs
+        if (payload.jti && typeof payload.jti === "string") {
+            if (_consumedJtis.has(payload.jti)) {
+                return new Response(JSON.stringify({ error: "Code already used" }), {
+                    status: 401,
+                    headers: { "content-type": "application/json" },
+                });
+            }
+            _consumedJtis.add(payload.jti);
+            if (_consumedJtis.size > 10_000)
+                _consumedJtis.clear();
+        }
+        // Verify audience matches this app
+        const appOrigin = _publicOrigin(c.req.raw);
+        if (payload.aud && payload.aud !== appOrigin) {
+            return new Response(JSON.stringify({ error: "Code audience mismatch" }), {
+                status: 401,
+                headers: { "content-type": "application/json" },
+            });
+        }
+        // Verify state parameter
+        const stateParam = url.searchParams.get("state");
+        const storedState = c.cookie.get("sso_state");
+        if (stateParam && storedState && stateParam !== storedState) {
+            return new Response(JSON.stringify({ error: "Invalid state" }), {
+                status: 401,
+                headers: { "content-type": "application/json" },
+            });
+        }
+        // Clear the state cookie
+        c.cookie.delete("sso_state", { path: "/" });
+        // Extract claims — strip JWT timing fields
+        const { iat: _iat, exp: _exp, nbf: _nbf, jti: _jti, ...claims } = payload;
+        await auth.login(c, claims);
+        const location = next ?? afterLogin ?? "/";
+        return new Response(null, { status: 302, headers: { location } });
+    });
+    // ── Guard protected routes ──────────────────────────────────────────────
+    if (protectedPaths.length > 0) {
+        onRequest((c) => {
+            const url = new URL(c.req.raw.url);
+            const pathname = url.pathname;
+            const isProtected = protectedPaths.some((p) => pathname === p || pathname.startsWith(p + "/"));
+            if (!isProtected)
+                return;
+            // Already authenticated
+            const userId = c.auth?.sub ?? c.auth?.userId;
+            if (userId)
+                return;
+            // Redirect to auth server
+            const origin = _publicOrigin(c.req.raw);
+            const callbackUrl = `${origin}${SSO_CALLBACK_PATH}`;
+            const codeUrl = `${authUrl}${SSO_CODE_PATH}`;
+            const state = crypto.randomUUID();
+            c.cookie.set("sso_state", state, {
+                httpOnly: true,
+                sameSite: "lax",
+                path: "/",
+                maxAge: 300,
+                secure: process.env.NODE_ENV === "production",
+            });
+            const redirectTarget = `${codeUrl}?redirect=${encodeURIComponent(callbackUrl + "?next=" + encodeURIComponent(pathname))}&state=${encodeURIComponent(state)}`;
+            return new Response(null, {
+                status: 302,
+                headers: { location: redirectTarget },
+            });
+        });
+    }
+}
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+/**
+ * Validate the redirect URL to prevent open redirect attacks.
+ * - Relative paths (starting with `/`) are always allowed.
+ * - Absolute URLs with a host are only allowed if their origin matches
+ *   one of the allowedOrigins.
+ */
+function _isValidRedirect(redirect, allowedOrigins) {
+    // Relative paths are safe — always allow
+    if (redirect.startsWith("/"))
+        return true;
+    // Absolute URL — must match an allowed origin
+    if (!allowedOrigins || allowedOrigins.length === 0)
+        return false;
+    try {
+        const u = new URL(redirect);
+        const origin = `${u.protocol}//${u.host}`;
+        return allowedOrigins.some((allowed) => allowed === origin || redirect.startsWith(allowed));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Pick safe display claims from ctx.auth to include in the code JWT.
+ */
+function _pickClaims(auth) {
+    const safe = {};
+    const keys = ["userId", "userName", "username", "name", "email", "roles"];
+    for (const key of keys) {
+        const val = auth[key];
+        if (val !== undefined)
+            safe[key] = val;
+    }
+    return safe;
+}
+//# sourceMappingURL=sso.js.map

package/dist/sso.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sso.js","sourceRoot":"","sources":["../src/sso.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,GAAG,EAAgB,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AAqDpC,iFAAiF;AAEjF,MAAM,mBAAmB,GAAG,cAAc,CAAC;AAC3C,MAAM,sBAAsB,GAAG,iBAAiB,CAAC;AACjD,MAAM,cAAc,GAAG,MAAM,CAAC;AAE9B,SAAS,cAAc,CACrB,GAAY,EACZ,IAAY,EACZ,KAAa,EACb,IAAY;IAEZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE;QAC1B,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,KAAK;QACf,IAAI;QACJ,MAAM,EAAE,GAAG,EAAE,QAAQ;QACrB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;KAC9C,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAY,EAAE,IAAY,EAAE,IAAY;IAChE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC;IAC7D,MAAM,KAAK,GACT,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,gFAAgF;AAEhF,MAAM,aAAa,GAAG,eAAe,CAAC;AACtC,MAAM,oBAAoB,GAAG,sBAAsB,CAAC;AAEpD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAAC,OAA2B;IACxD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC;IACxC,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;IAChD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAE3B,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAE9B,0EAA0E;QAC1E,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;YAC/B,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC3B,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,EAAE;oBACnE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;YAED,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,EACzD,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;gBACxD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,EACpD,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;YACJ,CAAC;YAED,sEAAsE;YACtE,cAAc,CAAC,CAAC,EAAE,mBAAmB,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;YAChE,cAAc,CAAC,CAAC,EAAE,sBAAsB,EAAE,QAAQ,EAAE,oBAAoB,CAAC,CAAC;YAE1E,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,MAAM,CAAuB,CAAC;YACrE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,6CAA6C;gBAC7C,MAAM,IAAI,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;gBAC/C,MAAM,QAAQ,GAAG,GAAG,KAAK,SAAS,IAAI,EAAE,CAAC;gBACzC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;oBACxB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,+DAA+D;YAC/D,IAAI,GAAuB,CAAC;YAC5B,IAAI,CAAC;gBACH,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;YACV,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,CAC5B;gBACE,GAAG,EAAE,MAAM;gBACX,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC5B,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;gBACxB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACxB,EACD,EAAE,SAAS,EAAE,YAAY,EAAE,CAC5B,CAAC;YAEF,gBAAgB,CAAC,CAAC,EAAE,mBAAmB,EAAE,aAAa,CAAC,CAAC;YACxD,gBAAgB,CAAC,CAAC,EAAE,sBAAsB,EAAE,oBAAoB,CAAC,CAAC;YAElE,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACvD,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACrD,MAAM,QAAQ,GAAG,GAAG,QAAQ,GAAG,SAAS,GAAG,cAAc,IAAI,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YACnI,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,0EAA0E;QAC1E,IAAI,QAAQ,KAAK,oBAAoB,EAAE,CAAC;YACtC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC3B,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,EAAE;oBACnE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;YAED,MAAM,QAAQ,GACZ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,sBAAsB,CAAC;gBACpC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;YACpC,gBAAgB,CAAC,CAAC,EAAE,sBAAsB,EAAE,oBAAoB,CAAC,CAAC;YAElE,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,MAAM,CAAuB,CAAC;YACrE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,QAAQ,GAAG,GAAG,KAAK,SAAS,kBAAkB,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC7E,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;oBACxB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,GAAuB,CAAC;gBAC5B,IAAI,CAAC;oBACH,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;gBACjC,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;gBACV,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,CAC5B;oBACE,GAAG,EAAE,MAAM;oBACX,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;oBAC5B,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;oBACxB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACxB,EACD,EAAE,SAAS,EAAE,YAAY,EAAE,CAC5B,CAAC;gBACF,MAAM,QAAQ,GAAG,GAAG,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,cAAc,IAAI,IAAI,EAAE,CAAC;gBAC7F,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpE,CAAC;YAED,kCAAkC;YAClC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,iFAAiF;AAEjF,MAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAE/C;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,YAAY,CAAC,OAAyB;IACpD,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAChD,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;IAE/C,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAE3B,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAExC,4EAA4E;IAC5E,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,GAAG,CAAC,QAAQ,KAAK,iBAAiB;YAAE,OAAO;QAE/C,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,cAAc,aAAa,EAAE,CAAC,EAClE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,EACpD,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;QACJ,CAAC;QAED,yCAAyC;QACzC,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnD,IAAI,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,EAAE;oBAClE,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;iBAChD,CAAC,CAAC;YACL,CAAC;YACD,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,aAAa,CAAC,IAAI,GAAG,MAAM;gBAAE,aAAa,CAAC,KAAK,EAAE,CAAC;QACzD,CAAC;QAED,mCAAmC;QACnC,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,EAAE;gBACvE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;QACL,CAAC;QAED,yBAAyB;QACzB,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC9C,IAAI,UAAU,IAAI,WAAW,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;YAC5D,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE;gBAC9D,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;QACL,CAAC;QACD,yBAAyB;QACzB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QAE5C,2CAA2C;QAC3C,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;QAE1E,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,MAAa,CAAC,CAAC;QAEnC,MAAM,QAAQ,GAAG,IAAI,IAAI,UAAU,IAAI,GAAG,CAAC;QAC3C,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,2EAA2E;IAC3E,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE;YACd,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;YAE9B,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,KAAK,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,GAAG,GAAG,CAAC,CACtD,CAAC;YACF,IAAI,CAAC,WAAW;gBAAE,OAAO;YAEzB,wBAAwB;YACxB,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC;YAC7C,IAAI,MAAM;gBAAE,OAAO;YAEnB,0BAA0B;YAC1B,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,GAAG,MAAM,GAAG,iBAAiB,EAAE,CAAC;YACpD,MAAM,OAAO,GAAG,GAAG,OAAO,GAAG,aAAa,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YAClC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE;gBAC/B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,KAAK;gBACf,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,GAAG;gBACX,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;aAC9C,CAAC,CAAC;YACH,MAAM,cAAc,GAAG,GAAG,OAAO,aAAa,kBAAkB,CAAC,WAAW,GAAG,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,UAAU,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;YAE7J,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;gBACxB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE;aACtC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,QAAgB,EAChB,cAAyB;IAEzB,yCAAyC;IACzC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,8CAA8C;IAC9C,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjE,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1C,OAAO,cAAc,CAAC,IAAI,CACxB,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAChE,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAA6B;IAChD,MAAM,IAAI,GAA4B,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,GAAG,KAAK,SAAS;YAAE,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/use-arctic.d.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import { type OAuth2Tokens } from "arctic";
+import { type Context, type CookieOptions } from "mates-fullstack";
+export type ArcticBuiltInProvider = "apple" | "discord" | "facebook" | "github" | "gitlab" | "google" | "linkedin" | "microsoft" | "spotify" | "twitter";
+export interface ArcticTokenSet {
+    accessToken: string | null;
+    refreshToken: string | null;
+    idToken: string | null;
+    tokenType: string | null;
+    expiresAt: Date | null;
+    scopes: string[] | null;
+    raw: object;
+}
+export interface ArcticProfile<Raw = unknown> {
+    provider: string;
+    id: string;
+    email: string | null;
+    name: string | null;
+    avatar: string | null;
+    username?: string | null;
+    raw: Raw;
+    tokens: ArcticTokenSet;
+}
+export interface ArcticProviderConfig {
+    clientId: string;
+    clientSecret?: string | null;
+    redirectUri?: string;
+    scopes?: string[];
+    /** Microsoft Entra ID tenant. Defaults to "common". */
+    tenant?: string;
+    /** Apple Team ID. */
+    teamId?: string;
+    /** Apple Key ID. */
+    keyId?: string;
+    /** Apple private key in PKCS#8 PEM format. */
+    privateKey?: string;
+    /** GitLab base URL. Defaults to https://gitlab.com. */
+    baseURL?: string;
+    /** Override the built-in profile fetcher or add one for custom providers. */
+    profile?: ArcticProfileLoader;
+    /** Override whether this provider uses PKCE. */
+    usesPKCE?: boolean;
+    /**
+     * Called after the provider returns a profile.
+     * Return the claims to bake into the JWT — typically after an upsert in your DB.
+     */
+    onSuccess: ArcticSuccessHandler;
+}
+export type ArcticProvidersConfig = Partial<Record<ArcticBuiltInProvider | string, ArcticProviderConfig | ArcticCustomProvider>>;
+/**
+ * Called after the provider returns a verified profile.
+ * You are fully in control — call `auth.login(ctx, claims)` to issue tokens,
+ * update the DB to link an account, or do nothing at all.
+ * Return a path string to override the post-OAuth redirect.
+ */
+export type ArcticSuccessHandler = (profile: ArcticProfile, ctx: Context) => string | void | Promise<string | void>;
+export interface ArcticUseOptions {
+    /** Route base for OAuth endpoints. Default: "/auth". */
+    basePath?: string;
+    /** Default redirect after login. Default: "/". */
+    afterLogin?: string;
+    /** Redirect after OAuth failure. If omitted, failures return JSON. */
+    onErrorRedirect?: string;
+    /** Cookie path/domain/sameSite/secure controls for temporary OAuth cookies. */
+    cookie?: Pick<CookieOptions, "path" | "domain" | "sameSite" | "secure">;
+    /** Temporary OAuth state cookie lifetime in seconds. Default: 10 minutes. */
+    stateMaxAge?: number;
+}
+export interface ArcticProviderHandler {
+    defaultScopes: string[];
+    usesPKCE: boolean;
+    start(config: ArcticProviderConfig, redirectUri: string, state: string, codeVerifier: string | null): Promise<URL> | URL;
+    callback(config: ArcticProviderConfig, redirectUri: string, code: string, codeVerifier: string | null, providerName: string): Promise<ArcticProfile>;
+}
+export interface ArcticCustomProvider extends ArcticProviderConfig {
+    handler: ArcticProviderHandler;
+}
+export type ArcticProfileLoader = (tokens: OAuth2Tokens, providerName: string) => Promise<Omit<ArcticProfile, "provider" | "tokens">>;
+/**
+ * Register social login routes for every configured provider.
+ *
+ * The framework automatically handles:
+ *   GET /auth/:provider          — redirect to provider
+ *   GET /auth/:provider/callback — exchange code, call onSuccess, set cookies
+ *
+ * @example
+ * useArctic({
+ *   google: {
+ *     clientId: process.env.GOOGLE_CLIENT_ID!,
+ *     clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+ *     onSuccess: async (profile) => {
+ *       const user = await db.upsert({ provider: profile.provider, providerId: profile.id, ... });
+ *       return { userId: user.id, email: user.email, roles: user.roles };
+ *     },
+ *   },
+ * });
+ */
+export declare function useArctic(providers: ArcticProvidersConfig, options?: ArcticUseOptions): void;
+/** Define a custom Arctic provider adapter for providers without a built-in profile normalizer. */
+export declare function arcticProvider(config: ArcticCustomProvider): ArcticCustomProvider;
+export declare function listArcticProviders(): ArcticBuiltInProvider[];
+//# sourceMappingURL=use-arctic.d.ts.map

package/dist/use-arctic.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"use-arctic.d.ts","sourceRoot":"","sources":["../src/use-arctic.ts"],"names":[],"mappings":"AAAA,OAAO,EAcL,KAAK,YAAY,EAClB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAGL,KAAK,OAAO,EACZ,KAAK,aAAa,EACnB,MAAM,iBAAiB,CAAC;AAGzB,MAAM,MAAM,qBAAqB,GAC7B,OAAO,GACP,SAAS,GACT,UAAU,GACV,QAAQ,GACR,QAAQ,GACR,QAAQ,GACR,UAAU,GACV,WAAW,GACX,SAAS,GACT,SAAS,CAAC;AAEd,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,aAAa,CAAC,GAAG,GAAG,OAAO;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,GAAG,EAAE,GAAG,CAAC;IACT,MAAM,EAAE,cAAc,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,uDAAuD;IACvD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qBAAqB;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6EAA6E;IAC7E,OAAO,CAAC,EAAE,mBAAmB,CAAC;IAC9B,gDAAgD;IAChD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;OAGG;IACH,SAAS,EAAE,oBAAoB,CAAC;CACjC;AAED,MAAM,MAAM,qBAAqB,GAAG,OAAO,CACzC,MAAM,CACJ,qBAAqB,GAAG,MAAM,EAC9B,oBAAoB,GAAG,oBAAoB,CAC5C,CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,GAAG,CACjC,OAAO,EAAE,aAAa,EACtB,GAAG,EAAE,OAAO,KACT,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;AAE5C,MAAM,WAAW,gBAAgB;IAC/B,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,+EAA+E;IAC/E,MAAM,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,MAAM,GAAG,QAAQ,GAAG,UAAU,GAAG,QAAQ,CAAC,CAAC;IACxE,6EAA6E;IAC7E,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CACH,MAAM,EAAE,oBAAoB,EAC5B,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,MAAM,GAAG,IAAI,GAC1B,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACtB,QAAQ,CACN,MAAM,EAAE,oBAAoB,EAC5B,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,GAAG,IAAI,EAC3B,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,aAAa,CAAC,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IAChE,OAAO,EAAE,qBAAqB,CAAC;CAChC;AAED,MAAM,MAAM,mBAAmB,GAAG,CAChC,MAAM,EAAE,YAAY,EACpB,YAAY,EAAE,MAAM,KACjB,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC;AAYzD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,SAAS,CACvB,SAAS,EAAE,qBAAqB,EAChC,OAAO,GAAE,gBAAqB,GAC7B,IAAI,CA6BN;AAED,mGAAmG;AACnG,wBAAgB,cAAc,CAC5B,MAAM,EAAE,oBAAoB,GAC3B,oBAAoB,CAEtB;AAED,wBAAgB,mBAAmB,IAAI,qBAAqB,EAAE,CAE7D"}