mulguard 1.1.6 → 1.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -1078
- package/adapters.d.ts +2 -0
- package/adapters.d.ts.map +1 -0
- package/adapters.js +1 -0
- package/index.d.ts +329 -0
- package/index.d.ts.map +1 -0
- package/index.js +145 -0
- package/jwt.d.ts +9 -0
- package/jwt.d.ts.map +1 -0
- package/jwt.js +8 -0
- package/lib/actions.d.ts +13 -0
- package/lib/actions.d.ts.map +1 -0
- package/lib/actions.js +86 -0
- package/lib/client.d.ts +104 -0
- package/lib/client.d.ts.map +1 -0
- package/lib/client.js +95 -0
- package/lib/env.d.ts +12 -0
- package/lib/env.d.ts.map +1 -0
- package/lib/env.js +38 -0
- package/lib/index.d.ts +56 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +187 -0
- package/lib/types.d.ts +24 -0
- package/lib/types.d.ts.map +1 -0
- package/lib/types.js +1 -0
- package/middleware.d.ts +9 -0
- package/middleware.d.ts.map +1 -0
- package/middleware.js +12 -0
- package/next.d.ts +9 -0
- package/next.d.ts.map +1 -0
- package/next.js +12 -0
- package/package.json +117 -73
- package/providers/42-school.d.ts +3 -0
- package/providers/42-school.d.ts.map +1 -0
- package/providers/42-school.js +2 -0
- package/providers/apple.d.ts +3 -0
- package/providers/apple.d.ts.map +1 -0
- package/providers/apple.js +2 -0
- package/providers/asgardeo.d.ts +3 -0
- package/providers/asgardeo.d.ts.map +1 -0
- package/providers/asgardeo.js +2 -0
- package/providers/atlassian.d.ts +3 -0
- package/providers/atlassian.d.ts.map +1 -0
- package/providers/atlassian.js +2 -0
- package/providers/auth0.d.ts +3 -0
- package/providers/auth0.d.ts.map +1 -0
- package/providers/auth0.js +2 -0
- package/providers/authentik.d.ts +3 -0
- package/providers/authentik.d.ts.map +1 -0
- package/providers/authentik.js +2 -0
- package/providers/azure-ad-b2c.d.ts +3 -0
- package/providers/azure-ad-b2c.d.ts.map +1 -0
- package/providers/azure-ad-b2c.js +2 -0
- package/providers/azure-ad.d.ts +3 -0
- package/providers/azure-ad.d.ts.map +1 -0
- package/providers/azure-ad.js +2 -0
- package/providers/azure-devops.d.ts +3 -0
- package/providers/azure-devops.d.ts.map +1 -0
- package/providers/azure-devops.js +2 -0
- package/providers/bankid-no.d.ts +3 -0
- package/providers/bankid-no.d.ts.map +1 -0
- package/providers/bankid-no.js +2 -0
- package/providers/battlenet.d.ts +3 -0
- package/providers/battlenet.d.ts.map +1 -0
- package/providers/battlenet.js +2 -0
- package/providers/beyondidentity.d.ts +3 -0
- package/providers/beyondidentity.d.ts.map +1 -0
- package/providers/beyondidentity.js +2 -0
- package/providers/bitbucket.d.ts +3 -0
- package/providers/bitbucket.d.ts.map +1 -0
- package/providers/bitbucket.js +2 -0
- package/providers/box.d.ts +3 -0
- package/providers/box.d.ts.map +1 -0
- package/providers/box.js +2 -0
- package/providers/boxyhq-saml.d.ts +3 -0
- package/providers/boxyhq-saml.d.ts.map +1 -0
- package/providers/boxyhq-saml.js +2 -0
- package/providers/bungie.d.ts +3 -0
- package/providers/bungie.d.ts.map +1 -0
- package/providers/bungie.js +2 -0
- package/providers/click-up.d.ts +3 -0
- package/providers/click-up.d.ts.map +1 -0
- package/providers/click-up.js +2 -0
- package/providers/cognito.d.ts +3 -0
- package/providers/cognito.d.ts.map +1 -0
- package/providers/cognito.js +2 -0
- package/providers/coinbase.d.ts +3 -0
- package/providers/coinbase.d.ts.map +1 -0
- package/providers/coinbase.js +2 -0
- package/providers/concept2.d.ts +3 -0
- package/providers/concept2.d.ts.map +1 -0
- package/providers/concept2.js +2 -0
- package/providers/credentials.d.ts +3 -0
- package/providers/credentials.d.ts.map +1 -0
- package/providers/credentials.js +2 -0
- package/providers/descope.d.ts +3 -0
- package/providers/descope.d.ts.map +1 -0
- package/providers/descope.js +2 -0
- package/providers/discord.d.ts +3 -0
- package/providers/discord.d.ts.map +1 -0
- package/providers/discord.js +2 -0
- package/providers/dribbble.d.ts +3 -0
- package/providers/dribbble.d.ts.map +1 -0
- package/providers/dribbble.js +2 -0
- package/providers/dropbox.d.ts +3 -0
- package/providers/dropbox.d.ts.map +1 -0
- package/providers/dropbox.js +2 -0
- package/providers/duende-identity-server6.d.ts +3 -0
- package/providers/duende-identity-server6.d.ts.map +1 -0
- package/providers/duende-identity-server6.js +2 -0
- package/providers/email.d.ts +3 -0
- package/providers/email.d.ts.map +1 -0
- package/providers/email.js +2 -0
- package/providers/eventbrite.d.ts +3 -0
- package/providers/eventbrite.d.ts.map +1 -0
- package/providers/eventbrite.js +2 -0
- package/providers/eveonline.d.ts +3 -0
- package/providers/eveonline.d.ts.map +1 -0
- package/providers/eveonline.js +2 -0
- package/providers/facebook.d.ts +3 -0
- package/providers/facebook.d.ts.map +1 -0
- package/providers/facebook.js +2 -0
- package/providers/faceit.d.ts +3 -0
- package/providers/faceit.d.ts.map +1 -0
- package/providers/faceit.js +2 -0
- package/providers/figma.d.ts +3 -0
- package/providers/figma.d.ts.map +1 -0
- package/providers/figma.js +2 -0
- package/providers/forwardemail.d.ts +3 -0
- package/providers/forwardemail.d.ts.map +1 -0
- package/providers/forwardemail.js +2 -0
- package/providers/foursquare.d.ts +3 -0
- package/providers/foursquare.d.ts.map +1 -0
- package/providers/foursquare.js +2 -0
- package/providers/freshbooks.d.ts +3 -0
- package/providers/freshbooks.d.ts.map +1 -0
- package/providers/freshbooks.js +2 -0
- package/providers/frontegg.d.ts +3 -0
- package/providers/frontegg.d.ts.map +1 -0
- package/providers/frontegg.js +2 -0
- package/providers/fusionauth.d.ts +3 -0
- package/providers/fusionauth.d.ts.map +1 -0
- package/providers/fusionauth.js +2 -0
- package/providers/github.d.ts +3 -0
- package/providers/github.d.ts.map +1 -0
- package/providers/github.js +2 -0
- package/providers/gitlab.d.ts +3 -0
- package/providers/gitlab.d.ts.map +1 -0
- package/providers/gitlab.js +2 -0
- package/providers/google.d.ts +3 -0
- package/providers/google.d.ts.map +1 -0
- package/providers/google.js +2 -0
- package/providers/hubspot.d.ts +3 -0
- package/providers/hubspot.d.ts.map +1 -0
- package/providers/hubspot.js +2 -0
- package/providers/huggingface.d.ts +3 -0
- package/providers/huggingface.d.ts.map +1 -0
- package/providers/huggingface.js +2 -0
- package/providers/identity-server4.d.ts +3 -0
- package/providers/identity-server4.d.ts.map +1 -0
- package/providers/identity-server4.js +2 -0
- package/providers/index.d.ts +2 -0
- package/providers/index.d.ts.map +1 -0
- package/providers/index.js +1 -0
- package/providers/instagram.d.ts +3 -0
- package/providers/instagram.d.ts.map +1 -0
- package/providers/instagram.js +2 -0
- package/providers/kakao.d.ts +3 -0
- package/providers/kakao.d.ts.map +1 -0
- package/providers/kakao.js +2 -0
- package/providers/keycloak.d.ts +3 -0
- package/providers/keycloak.d.ts.map +1 -0
- package/providers/keycloak.js +2 -0
- package/providers/kinde.d.ts +3 -0
- package/providers/kinde.d.ts.map +1 -0
- package/providers/kinde.js +2 -0
- package/providers/line.d.ts +3 -0
- package/providers/line.d.ts.map +1 -0
- package/providers/line.js +2 -0
- package/providers/linkedin.d.ts +3 -0
- package/providers/linkedin.d.ts.map +1 -0
- package/providers/linkedin.js +2 -0
- package/providers/logto.d.ts +3 -0
- package/providers/logto.d.ts.map +1 -0
- package/providers/logto.js +2 -0
- package/providers/loops.d.ts +3 -0
- package/providers/loops.d.ts.map +1 -0
- package/providers/loops.js +2 -0
- package/providers/mailchimp.d.ts +3 -0
- package/providers/mailchimp.d.ts.map +1 -0
- package/providers/mailchimp.js +2 -0
- package/providers/mailgun.d.ts +3 -0
- package/providers/mailgun.d.ts.map +1 -0
- package/providers/mailgun.js +2 -0
- package/providers/mailru.d.ts +3 -0
- package/providers/mailru.d.ts.map +1 -0
- package/providers/mailru.js +2 -0
- package/providers/mastodon.d.ts +3 -0
- package/providers/mastodon.d.ts.map +1 -0
- package/providers/mastodon.js +2 -0
- package/providers/mattermost.d.ts +3 -0
- package/providers/mattermost.d.ts.map +1 -0
- package/providers/mattermost.js +2 -0
- package/providers/medium.d.ts +3 -0
- package/providers/medium.d.ts.map +1 -0
- package/providers/medium.js +2 -0
- package/providers/microsoft-entra-id.d.ts +3 -0
- package/providers/microsoft-entra-id.d.ts.map +1 -0
- package/providers/microsoft-entra-id.js +2 -0
- package/providers/naver.d.ts +3 -0
- package/providers/naver.d.ts.map +1 -0
- package/providers/naver.js +2 -0
- package/providers/netlify.d.ts +3 -0
- package/providers/netlify.d.ts.map +1 -0
- package/providers/netlify.js +2 -0
- package/providers/netsuite.d.ts +3 -0
- package/providers/netsuite.d.ts.map +1 -0
- package/providers/netsuite.js +2 -0
- package/providers/nextcloud.d.ts +3 -0
- package/providers/nextcloud.d.ts.map +1 -0
- package/providers/nextcloud.js +2 -0
- package/providers/nodemailer.d.ts +3 -0
- package/providers/nodemailer.d.ts.map +1 -0
- package/providers/nodemailer.js +2 -0
- package/providers/notion.d.ts +3 -0
- package/providers/notion.d.ts.map +1 -0
- package/providers/notion.js +2 -0
- package/providers/okta.d.ts +3 -0
- package/providers/okta.d.ts.map +1 -0
- package/providers/okta.js +2 -0
- package/providers/onelogin.d.ts +3 -0
- package/providers/onelogin.d.ts.map +1 -0
- package/providers/onelogin.js +2 -0
- package/providers/ory-hydra.d.ts +3 -0
- package/providers/ory-hydra.d.ts.map +1 -0
- package/providers/ory-hydra.js +2 -0
- package/providers/osso.d.ts +3 -0
- package/providers/osso.d.ts.map +1 -0
- package/providers/osso.js +2 -0
- package/providers/osu.d.ts +3 -0
- package/providers/osu.d.ts.map +1 -0
- package/providers/osu.js +2 -0
- package/providers/passage.d.ts +3 -0
- package/providers/passage.d.ts.map +1 -0
- package/providers/passage.js +2 -0
- package/providers/passkey.d.ts +3 -0
- package/providers/passkey.d.ts.map +1 -0
- package/providers/passkey.js +2 -0
- package/providers/patreon.d.ts +3 -0
- package/providers/patreon.d.ts.map +1 -0
- package/providers/patreon.js +2 -0
- package/providers/ping-id.d.ts +3 -0
- package/providers/ping-id.d.ts.map +1 -0
- package/providers/ping-id.js +2 -0
- package/providers/pinterest.d.ts +3 -0
- package/providers/pinterest.d.ts.map +1 -0
- package/providers/pinterest.js +2 -0
- package/providers/pipedrive.d.ts +3 -0
- package/providers/pipedrive.d.ts.map +1 -0
- package/providers/pipedrive.js +2 -0
- package/providers/postmark.d.ts +3 -0
- package/providers/postmark.d.ts.map +1 -0
- package/providers/postmark.js +2 -0
- package/providers/reddit.d.ts +3 -0
- package/providers/reddit.d.ts.map +1 -0
- package/providers/reddit.js +2 -0
- package/providers/resend.d.ts +3 -0
- package/providers/resend.d.ts.map +1 -0
- package/providers/resend.js +2 -0
- package/providers/roblox.d.ts +3 -0
- package/providers/roblox.d.ts.map +1 -0
- package/providers/roblox.js +2 -0
- package/providers/salesforce.d.ts +3 -0
- package/providers/salesforce.d.ts.map +1 -0
- package/providers/salesforce.js +2 -0
- package/providers/sendgrid.d.ts +3 -0
- package/providers/sendgrid.d.ts.map +1 -0
- package/providers/sendgrid.js +2 -0
- package/providers/simplelogin.d.ts +3 -0
- package/providers/simplelogin.d.ts.map +1 -0
- package/providers/simplelogin.js +2 -0
- package/providers/slack.d.ts +3 -0
- package/providers/slack.d.ts.map +1 -0
- package/providers/slack.js +2 -0
- package/providers/spotify.d.ts +3 -0
- package/providers/spotify.d.ts.map +1 -0
- package/providers/spotify.js +2 -0
- package/providers/strava.d.ts +3 -0
- package/providers/strava.d.ts.map +1 -0
- package/providers/strava.js +2 -0
- package/providers/threads.d.ts +3 -0
- package/providers/threads.d.ts.map +1 -0
- package/providers/threads.js +2 -0
- package/providers/tiktok.d.ts +3 -0
- package/providers/tiktok.d.ts.map +1 -0
- package/providers/tiktok.js +2 -0
- package/providers/todoist.d.ts +3 -0
- package/providers/todoist.d.ts.map +1 -0
- package/providers/todoist.js +2 -0
- package/providers/trakt.d.ts +3 -0
- package/providers/trakt.d.ts.map +1 -0
- package/providers/trakt.js +2 -0
- package/providers/twitch.d.ts +3 -0
- package/providers/twitch.d.ts.map +1 -0
- package/providers/twitch.js +2 -0
- package/providers/twitter.d.ts +3 -0
- package/providers/twitter.d.ts.map +1 -0
- package/providers/twitter.js +2 -0
- package/providers/united-effects.d.ts +3 -0
- package/providers/united-effects.d.ts.map +1 -0
- package/providers/united-effects.js +2 -0
- package/providers/vipps.d.ts +3 -0
- package/providers/vipps.d.ts.map +1 -0
- package/providers/vipps.js +2 -0
- package/providers/vk.d.ts +3 -0
- package/providers/vk.d.ts.map +1 -0
- package/providers/vk.js +2 -0
- package/providers/webauthn.d.ts +3 -0
- package/providers/webauthn.d.ts.map +1 -0
- package/providers/webauthn.js +2 -0
- package/providers/webex.d.ts +3 -0
- package/providers/webex.d.ts.map +1 -0
- package/providers/webex.js +2 -0
- package/providers/wechat.d.ts +3 -0
- package/providers/wechat.d.ts.map +1 -0
- package/providers/wechat.js +2 -0
- package/providers/wikimedia.d.ts +3 -0
- package/providers/wikimedia.d.ts.map +1 -0
- package/providers/wikimedia.js +2 -0
- package/providers/wordpress.d.ts +3 -0
- package/providers/wordpress.d.ts.map +1 -0
- package/providers/wordpress.js +2 -0
- package/providers/workos.d.ts +3 -0
- package/providers/workos.d.ts.map +1 -0
- package/providers/workos.js +2 -0
- package/providers/yandex.d.ts +3 -0
- package/providers/yandex.d.ts.map +1 -0
- package/providers/yandex.js +2 -0
- package/providers/zitadel.d.ts +3 -0
- package/providers/zitadel.d.ts.map +1 -0
- package/providers/zitadel.js +2 -0
- package/providers/zoho.d.ts +3 -0
- package/providers/zoho.d.ts.map +1 -0
- package/providers/zoho.js +2 -0
- package/providers/zoom.d.ts +3 -0
- package/providers/zoom.d.ts.map +1 -0
- package/providers/zoom.js +2 -0
- package/react.d.ts +102 -0
- package/react.d.ts.map +1 -0
- package/react.js +361 -0
- package/src/adapters.ts +1 -0
- package/src/index.ts +430 -0
- package/src/jwt.ts +9 -0
- package/src/lib/actions.ts +144 -0
- package/src/lib/client.ts +245 -0
- package/src/lib/env.ts +36 -0
- package/src/lib/index.ts +313 -0
- package/src/lib/types.ts +30 -0
- package/src/middleware.ts +16 -0
- package/src/next.ts +16 -0
- package/src/providers/42-school.ts +2 -0
- package/src/providers/apple.ts +2 -0
- package/src/providers/asgardeo.ts +2 -0
- package/src/providers/atlassian.ts +2 -0
- package/src/providers/auth0.ts +2 -0
- package/src/providers/authentik.ts +2 -0
- package/src/providers/azure-ad-b2c.ts +2 -0
- package/src/providers/azure-ad.ts +2 -0
- package/src/providers/azure-devops.ts +2 -0
- package/src/providers/bankid-no.ts +2 -0
- package/src/providers/battlenet.ts +2 -0
- package/src/providers/beyondidentity.ts +2 -0
- package/src/providers/bitbucket.ts +2 -0
- package/src/providers/box.ts +2 -0
- package/src/providers/boxyhq-saml.ts +2 -0
- package/src/providers/bungie.ts +2 -0
- package/src/providers/click-up.ts +2 -0
- package/src/providers/cognito.ts +2 -0
- package/src/providers/coinbase.ts +2 -0
- package/src/providers/concept2.ts +2 -0
- package/src/providers/credentials.ts +2 -0
- package/src/providers/descope.ts +2 -0
- package/src/providers/discord.ts +2 -0
- package/src/providers/dribbble.ts +2 -0
- package/src/providers/dropbox.ts +2 -0
- package/src/providers/duende-identity-server6.ts +2 -0
- package/src/providers/email.ts +2 -0
- package/src/providers/eventbrite.ts +2 -0
- package/src/providers/eveonline.ts +2 -0
- package/src/providers/facebook.ts +2 -0
- package/src/providers/faceit.ts +2 -0
- package/src/providers/figma.ts +2 -0
- package/src/providers/forwardemail.ts +2 -0
- package/src/providers/foursquare.ts +2 -0
- package/src/providers/freshbooks.ts +2 -0
- package/src/providers/frontegg.ts +2 -0
- package/src/providers/fusionauth.ts +2 -0
- package/src/providers/github.ts +2 -0
- package/src/providers/gitlab.ts +2 -0
- package/src/providers/google.ts +2 -0
- package/src/providers/hubspot.ts +2 -0
- package/src/providers/huggingface.ts +2 -0
- package/src/providers/identity-server4.ts +2 -0
- package/src/providers/index.ts +1 -0
- package/src/providers/instagram.ts +2 -0
- package/src/providers/kakao.ts +2 -0
- package/src/providers/keycloak.ts +2 -0
- package/src/providers/kinde.ts +2 -0
- package/src/providers/line.ts +2 -0
- package/src/providers/linkedin.ts +2 -0
- package/src/providers/logto.ts +2 -0
- package/src/providers/loops.ts +2 -0
- package/src/providers/mailchimp.ts +2 -0
- package/src/providers/mailgun.ts +2 -0
- package/src/providers/mailru.ts +2 -0
- package/src/providers/mastodon.ts +2 -0
- package/src/providers/mattermost.ts +2 -0
- package/src/providers/medium.ts +2 -0
- package/src/providers/microsoft-entra-id.ts +2 -0
- package/src/providers/naver.ts +2 -0
- package/src/providers/netlify.ts +2 -0
- package/src/providers/netsuite.ts +2 -0
- package/src/providers/nextcloud.ts +2 -0
- package/src/providers/nodemailer.ts +2 -0
- package/src/providers/notion.ts +2 -0
- package/src/providers/okta.ts +2 -0
- package/src/providers/onelogin.ts +2 -0
- package/src/providers/ory-hydra.ts +2 -0
- package/src/providers/osso.ts +2 -0
- package/src/providers/osu.ts +2 -0
- package/src/providers/passage.ts +2 -0
- package/src/providers/passkey.ts +2 -0
- package/src/providers/patreon.ts +2 -0
- package/src/providers/ping-id.ts +2 -0
- package/src/providers/pinterest.ts +2 -0
- package/src/providers/pipedrive.ts +2 -0
- package/src/providers/postmark.ts +2 -0
- package/src/providers/reddit.ts +2 -0
- package/src/providers/resend.ts +2 -0
- package/src/providers/roblox.ts +2 -0
- package/src/providers/salesforce.ts +2 -0
- package/src/providers/sendgrid.ts +2 -0
- package/src/providers/simplelogin.ts +2 -0
- package/src/providers/slack.ts +2 -0
- package/src/providers/spotify.ts +2 -0
- package/src/providers/strava.ts +2 -0
- package/src/providers/threads.ts +2 -0
- package/src/providers/tiktok.ts +2 -0
- package/src/providers/todoist.ts +2 -0
- package/src/providers/trakt.ts +2 -0
- package/src/providers/twitch.ts +2 -0
- package/src/providers/twitter.ts +2 -0
- package/src/providers/united-effects.ts +2 -0
- package/src/providers/vipps.ts +2 -0
- package/src/providers/vk.ts +2 -0
- package/src/providers/webauthn.ts +2 -0
- package/src/providers/webex.ts +2 -0
- package/src/providers/wechat.ts +2 -0
- package/src/providers/wikimedia.ts +2 -0
- package/src/providers/wordpress.ts +2 -0
- package/src/providers/workos.ts +2 -0
- package/src/providers/yandex.ts +2 -0
- package/src/providers/zitadel.ts +2 -0
- package/src/providers/zoho.ts +2 -0
- package/src/providers/zoom.ts +2 -0
- package/src/react.tsx +546 -0
- package/src/webauthn.ts +152 -0
- package/webauthn.d.ts +9 -0
- package/webauthn.d.ts.map +1 -0
- package/webauthn.js +92 -0
- package/LICENSE +0 -70
- package/dist/actions-CExpv_dD.js +0 -1
- package/dist/actions-DeCfLtHA.mjs +0 -184
- package/dist/client/hooks.d.ts +0 -122
- package/dist/client/index.d.ts +0 -5
- package/dist/client/index.js +0 -1
- package/dist/client/index.mjs +0 -478
- package/dist/client/provider.d.ts +0 -69
- package/dist/client/server-actions-helper.d.ts +0 -22
- package/dist/components/AccountPicker.d.ts +0 -11
- package/dist/components/OAuthButton.d.ts +0 -11
- package/dist/components/PassKeyButton.d.ts +0 -11
- package/dist/components/PassKeyRegister.d.ts +0 -10
- package/dist/components/TwoFactorSetup.d.ts +0 -8
- package/dist/components/TwoFactorVerify.d.ts +0 -9
- package/dist/core/account-picker/encryption.d.ts +0 -22
- package/dist/core/account-picker/index.d.ts +0 -22
- package/dist/core/auth/index.d.ts +0 -40
- package/dist/core/auth/oauth-providers.d.ts +0 -197
- package/dist/core/auth/oauth-state-store-cookie.d.ts +0 -83
- package/dist/core/auth/oauth-state-store-redis.d.ts +0 -25
- package/dist/core/auth/oauth-state-store.d.ts +0 -45
- package/dist/core/auth/oauth.d.ts +0 -20
- package/dist/core/auth/passkey.d.ts +0 -35
- package/dist/core/auth/password.d.ts +0 -22
- package/dist/core/auth/signin-unified.d.ts +0 -33
- package/dist/core/auth/two-factor.d.ts +0 -28
- package/dist/core/client/index.d.ts +0 -132
- package/dist/core/client/token-refresh-manager.d.ts +0 -48
- package/dist/core/index.d.ts +0 -11
- package/dist/core/mulguard/auth-handlers.d.ts +0 -100
- package/dist/core/mulguard/defaults.d.ts +0 -58
- package/dist/core/mulguard/index.d.ts +0 -9
- package/dist/core/mulguard/oauth-handler.d.ts +0 -93
- package/dist/core/mulguard/session-manager.d.ts +0 -94
- package/dist/core/security/csrf.d.ts +0 -46
- package/dist/core/security/headers.d.ts +0 -24
- package/dist/core/security/index.d.ts +0 -132
- package/dist/core/security/rate-limit.d.ts +0 -39
- package/dist/core/security/validation.d.ts +0 -251
- package/dist/core/security/xss.d.ts +0 -20
- package/dist/core/session/index.d.ts +0 -35
- package/dist/core/types/auth.d.ts +0 -290
- package/dist/core/types/errors.d.ts +0 -200
- package/dist/core/types/index.d.ts +0 -462
- package/dist/core/utils/auth-helpers.d.ts +0 -136
- package/dist/core/utils/logger.d.ts +0 -121
- package/dist/handlers/api.d.ts +0 -10
- package/dist/handlers/route.d.ts +0 -76
- package/dist/index/index.js +0 -1
- package/dist/index/index.mjs +0 -2229
- package/dist/index.d.ts +0 -21
- package/dist/middleware/index.d.ts +0 -28
- package/dist/middleware/proxy.d.ts +0 -53
- package/dist/middleware/security.d.ts +0 -9
- package/dist/mulguard.d.ts +0 -373
- package/dist/oauth-state-DKle8eCr.mjs +0 -289
- package/dist/oauth-state-DlvrCV11.js +0 -1
- package/dist/server/actions.d.ts +0 -86
- package/dist/server/auth.d.ts +0 -65
- package/dist/server/cookies.d.ts +0 -42
- package/dist/server/helpers.d.ts +0 -10
- package/dist/server/index.d.ts +0 -14
- package/dist/server/index.js +0 -1
- package/dist/server/index.mjs +0 -31
- package/dist/server/middleware.d.ts +0 -39
- package/dist/server/oauth-state.d.ts +0 -30
- package/dist/server/session-helpers.d.ts +0 -26
- package/dist/server/session.d.ts +0 -28
- package/dist/server/utils.d.ts +0 -10
package/lib/client.d.ts
ADDED
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
import * as React from "react";
|
|
2
|
+
import type { ProviderId, ProviderType } from "@mulverse/mulguard-core/providers";
|
|
3
|
+
import type { Session } from "@mulverse/mulguard-core/types";
|
|
4
|
+
import { AuthError } from "@mulverse/mulguard-core/errors";
|
|
5
|
+
/** @todo */
|
|
6
|
+
export declare class ClientSessionError extends AuthError {
|
|
7
|
+
}
|
|
8
|
+
export interface AuthClientConfig {
|
|
9
|
+
baseUrl: string;
|
|
10
|
+
basePath: string;
|
|
11
|
+
baseUrlServer: string;
|
|
12
|
+
basePathServer: string;
|
|
13
|
+
/** Stores last session response */
|
|
14
|
+
_session?: Session | null | undefined;
|
|
15
|
+
/** Used for timestamp since last sycned (in seconds) */
|
|
16
|
+
_lastSync: number;
|
|
17
|
+
/**
|
|
18
|
+
* Stores the `SessionProvider`'s session update method to be able to
|
|
19
|
+
* trigger session updates from places like `signIn` or `signOut`
|
|
20
|
+
*/
|
|
21
|
+
_getSession: (...args: any[]) => any;
|
|
22
|
+
}
|
|
23
|
+
export interface UseSessionOptions<R extends boolean> {
|
|
24
|
+
required: R;
|
|
25
|
+
/** Defaults to `signIn` */
|
|
26
|
+
onUnauthenticated?: () => void;
|
|
27
|
+
}
|
|
28
|
+
export interface ClientSafeProvider {
|
|
29
|
+
id: ProviderId;
|
|
30
|
+
name: string;
|
|
31
|
+
type: ProviderType;
|
|
32
|
+
signinUrl: string;
|
|
33
|
+
callbackUrl: string;
|
|
34
|
+
redirectTo: string;
|
|
35
|
+
}
|
|
36
|
+
export interface SignInOptions<Redirect extends boolean = true> extends Record<string, unknown> {
|
|
37
|
+
/** @deprecated Use `redirectTo` instead. */
|
|
38
|
+
callbackUrl?: string;
|
|
39
|
+
/**
|
|
40
|
+
* Specify where the user should be redirected to after a successful signin.
|
|
41
|
+
*
|
|
42
|
+
* By default, it is the page the sign-in was initiated from.
|
|
43
|
+
*/
|
|
44
|
+
redirectTo?: string;
|
|
45
|
+
/**
|
|
46
|
+
* You might want to deal with the signin response on the same page, instead of redirecting to another page.
|
|
47
|
+
* For example, if an error occurs (like wrong credentials given by the user), you might want to show an inline error message on the input field.
|
|
48
|
+
*
|
|
49
|
+
* For this purpose, you can set this to option `redirect: false`.
|
|
50
|
+
*/
|
|
51
|
+
redirect?: Redirect;
|
|
52
|
+
}
|
|
53
|
+
export interface SignInResponse {
|
|
54
|
+
error: string | undefined;
|
|
55
|
+
code: string | undefined;
|
|
56
|
+
status: number;
|
|
57
|
+
ok: boolean;
|
|
58
|
+
url: string | null;
|
|
59
|
+
}
|
|
60
|
+
/** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1) */
|
|
61
|
+
export interface SignOutResponse {
|
|
62
|
+
url: string;
|
|
63
|
+
}
|
|
64
|
+
export interface SignOutParams<Redirect extends boolean = true> {
|
|
65
|
+
/** @deprecated Use `redirectTo` instead. */
|
|
66
|
+
callbackUrl?: string;
|
|
67
|
+
/**
|
|
68
|
+
* If you pass `redirect: false`, the page will not reload.
|
|
69
|
+
* The session will be deleted, and `useSession` is notified, so any indication about the user will be shown as logged out automatically.
|
|
70
|
+
* It can give a very nice experience for the user.
|
|
71
|
+
*/
|
|
72
|
+
redirectTo?: string;
|
|
73
|
+
/** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
|
|
74
|
+
redirect?: Redirect;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
|
|
78
|
+
* If you have session expiry times of 30 days (the default) or more, then you probably don't need to change any of the default options.
|
|
79
|
+
*
|
|
80
|
+
* However, if you need to customize the session behavior and/or are using short session expiry times, you can pass options to the provider to customize the behavior of the {@link useSession} hook.
|
|
81
|
+
*/
|
|
82
|
+
export interface SessionProviderProps {
|
|
83
|
+
children: React.ReactNode;
|
|
84
|
+
session?: Session | null;
|
|
85
|
+
baseUrl?: string;
|
|
86
|
+
basePath?: string;
|
|
87
|
+
/**
|
|
88
|
+
* A time interval (in seconds) after which the session will be re-fetched.
|
|
89
|
+
* If set to `0` (default), the session is not polled.
|
|
90
|
+
*/
|
|
91
|
+
refetchInterval?: number;
|
|
92
|
+
/**
|
|
93
|
+
* `SessionProvider` automatically refetches the session when the user switches between windows.
|
|
94
|
+
* This option activates this behaviour if set to `true` (default).
|
|
95
|
+
*/
|
|
96
|
+
refetchOnWindowFocus?: boolean;
|
|
97
|
+
/**
|
|
98
|
+
* Set to `false` to stop polling when the device has no internet access offline (determined by `navigator.onLine`)
|
|
99
|
+
*
|
|
100
|
+
* [`navigator.onLine` documentation](https://developer.mozilla.org/en-US/docs/Web/API/NavigatorOnLine/onLine)
|
|
101
|
+
*/
|
|
102
|
+
refetchWhenOffline?: false;
|
|
103
|
+
}
|
|
104
|
+
//# sourceMappingURL=client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/lib/client.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAA;AAC9B,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AACjF,OAAO,KAAK,EAAkB,OAAO,EAAE,MAAM,+BAA+B,CAAA;AAC5E,OAAO,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAA;AAK1D,YAAY;AACZ,qBAAa,kBAAmB,SAAQ,SAAS;CAAG;AAEpD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,cAAc,EAAE,MAAM,CAAA;IACtB,mCAAmC;IACnC,QAAQ,CAAC,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,CAAA;IACrC,wDAAwD;IACxD,SAAS,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,WAAW,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAA;CACrC;AAED,MAAM,WAAW,iBAAiB,CAAC,CAAC,SAAS,OAAO;IAClD,QAAQ,EAAE,CAAC,CAAA;IACX,2BAA2B;IAC3B,iBAAiB,CAAC,EAAE,MAAM,IAAI,CAAA;CAC/B;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,UAAU,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,YAAY,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,aAAa,CAAC,QAAQ,SAAS,OAAO,GAAG,IAAI,CAC5D,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC/B,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAA;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,GAAG,SAAS,CAAA;IACzB,IAAI,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,EAAE,EAAE,OAAO,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;CACnB;AAYD,yGAAyG;AACzG,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,aAAa,CAAC,QAAQ,SAAS,OAAO,GAAG,IAAI;IAC5D,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,wGAAwG;IACxG,QAAQ,CAAC,EAAE,QAAQ,CAAA;CACpB;AAED;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;IACzB,OAAO,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IACxB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,KAAK,CAAA;CAC3B"}
|
package/lib/client.js
ADDED
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
"use client";
|
|
2
|
+
import * as React from "react";
|
|
3
|
+
import { AuthError } from "@mulverse/mulguard-core/errors";
|
|
4
|
+
/** @todo */
|
|
5
|
+
class ClientFetchError extends AuthError {
|
|
6
|
+
}
|
|
7
|
+
/** @todo */
|
|
8
|
+
export class ClientSessionError extends AuthError {
|
|
9
|
+
}
|
|
10
|
+
// ------------------------ Internal ------------------------
|
|
11
|
+
/**
|
|
12
|
+
* If passed 'appContext' via getInitialProps() in _app.js
|
|
13
|
+
* then get the req object from ctx and use that for the
|
|
14
|
+
* req value to allow `fetchData` to
|
|
15
|
+
* work seemlessly in getInitialProps() on server side
|
|
16
|
+
* pages *and* in _app.js.
|
|
17
|
+
* @internal
|
|
18
|
+
*/
|
|
19
|
+
export async function fetchData(path, __NEXTAUTH, logger, req = {}) {
|
|
20
|
+
const url = `${apiBaseUrl(__NEXTAUTH)}/${path}`;
|
|
21
|
+
try {
|
|
22
|
+
const options = {
|
|
23
|
+
headers: {
|
|
24
|
+
"Content-Type": "application/json",
|
|
25
|
+
...(req?.headers?.cookie ? { cookie: req.headers.cookie } : {}),
|
|
26
|
+
},
|
|
27
|
+
};
|
|
28
|
+
if (req?.body) {
|
|
29
|
+
options.body = JSON.stringify(req.body);
|
|
30
|
+
options.method = "POST";
|
|
31
|
+
}
|
|
32
|
+
const res = await fetch(url, options);
|
|
33
|
+
const data = await res.json();
|
|
34
|
+
if (!res.ok)
|
|
35
|
+
throw data;
|
|
36
|
+
return data;
|
|
37
|
+
}
|
|
38
|
+
catch (error) {
|
|
39
|
+
logger.error(new ClientFetchError(error.message, error));
|
|
40
|
+
return null;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
/** @internal */
|
|
44
|
+
export function apiBaseUrl(__NEXTAUTH) {
|
|
45
|
+
if (typeof window === "undefined") {
|
|
46
|
+
// Return absolute path when called server side
|
|
47
|
+
return `${__NEXTAUTH.baseUrlServer}${__NEXTAUTH.basePathServer}`;
|
|
48
|
+
}
|
|
49
|
+
// Return relative path when called client side
|
|
50
|
+
return __NEXTAUTH.basePath;
|
|
51
|
+
}
|
|
52
|
+
/** @internal */
|
|
53
|
+
export function useOnline() {
|
|
54
|
+
const [isOnline, setIsOnline] = React.useState(typeof navigator !== "undefined" ? navigator.onLine : false);
|
|
55
|
+
const setOnline = () => setIsOnline(true);
|
|
56
|
+
const setOffline = () => setIsOnline(false);
|
|
57
|
+
React.useEffect(() => {
|
|
58
|
+
window.addEventListener("online", setOnline);
|
|
59
|
+
window.addEventListener("offline", setOffline);
|
|
60
|
+
return () => {
|
|
61
|
+
window.removeEventListener("online", setOnline);
|
|
62
|
+
window.removeEventListener("offline", setOffline);
|
|
63
|
+
};
|
|
64
|
+
}, []);
|
|
65
|
+
return isOnline;
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Returns the number of seconds elapsed since January 1, 1970 00:00:00 UTC.
|
|
69
|
+
* @internal
|
|
70
|
+
*/
|
|
71
|
+
export function now() {
|
|
72
|
+
return Math.floor(Date.now() / 1000);
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* Returns an `URL` like object to make requests/redirects from server-side
|
|
76
|
+
* @internal
|
|
77
|
+
*/
|
|
78
|
+
export function parseUrl(url) {
|
|
79
|
+
const defaultUrl = new URL("http://localhost:3000/api/auth");
|
|
80
|
+
if (url && !url.startsWith("http")) {
|
|
81
|
+
url = `https://${url}`;
|
|
82
|
+
}
|
|
83
|
+
const _url = new URL(url || defaultUrl);
|
|
84
|
+
const path = (_url.pathname === "/" ? defaultUrl.pathname : _url.pathname)
|
|
85
|
+
// Remove trailing slash
|
|
86
|
+
.replace(/\/$/, "");
|
|
87
|
+
const base = `${_url.origin}${path}`;
|
|
88
|
+
return {
|
|
89
|
+
origin: _url.origin,
|
|
90
|
+
host: _url.host,
|
|
91
|
+
path,
|
|
92
|
+
base,
|
|
93
|
+
toString: () => base,
|
|
94
|
+
};
|
|
95
|
+
}
|
package/lib/env.d.ts
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { NextRequest } from "next/server";
|
|
2
|
+
import type { MulGuardConfig } from "./index.js";
|
|
3
|
+
/** If `MULGUARD_URL`, `AUTH_URL`, or `NEXTAUTH_URL` is defined, override the request's URL. */
|
|
4
|
+
export declare function reqWithEnvURL(req: NextRequest): NextRequest;
|
|
5
|
+
/**
|
|
6
|
+
* MulGuard checks for `MULGUARD_URL` and `MULGUARD_SECRET` first.
|
|
7
|
+
* For backwards compatibility, it also checks for `AUTH_URL`/`AUTH_SECRET` and `NEXTAUTH_URL`/`NEXTAUTH_SECRET`.
|
|
8
|
+
* The `basePath` by default is `/api/auth` instead of `/auth`
|
|
9
|
+
* (which is the default for all other Auth.js integrations).
|
|
10
|
+
*/
|
|
11
|
+
export declare function setEnvDefaults(config: MulGuardConfig): void;
|
|
12
|
+
//# sourceMappingURL=env.d.ts.map
|
package/lib/env.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../src/lib/env.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAGhD,+FAA+F;AAC/F,wBAAgB,aAAa,CAAC,GAAG,EAAE,WAAW,GAAG,WAAW,CAM3D;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,QAepD"}
|
package/lib/env.js
ADDED
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
// @ts-expect-error Next.js does not yet correctly use the `package.json#exports` field
|
|
2
|
+
import { NextRequest } from "next/server";
|
|
3
|
+
import { setEnvDefaults as coreSetEnvDefaults } from "@mulverse/mulguard-core";
|
|
4
|
+
/** If `MULGUARD_URL`, `AUTH_URL`, or `NEXTAUTH_URL` is defined, override the request's URL. */
|
|
5
|
+
export function reqWithEnvURL(req) {
|
|
6
|
+
const url = process.env.MULGUARD_URL ?? process.env.AUTH_URL ?? process.env.NEXTAUTH_URL;
|
|
7
|
+
if (!url)
|
|
8
|
+
return req;
|
|
9
|
+
const { origin: envOrigin } = new URL(url);
|
|
10
|
+
const { href, origin } = req.nextUrl;
|
|
11
|
+
return new NextRequest(href.replace(origin, envOrigin), req);
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* MulGuard checks for `MULGUARD_URL` and `MULGUARD_SECRET` first.
|
|
15
|
+
* For backwards compatibility, it also checks for `AUTH_URL`/`AUTH_SECRET` and `NEXTAUTH_URL`/`NEXTAUTH_SECRET`.
|
|
16
|
+
* The `basePath` by default is `/api/auth` instead of `/auth`
|
|
17
|
+
* (which is the default for all other Auth.js integrations).
|
|
18
|
+
*/
|
|
19
|
+
export function setEnvDefaults(config) {
|
|
20
|
+
try {
|
|
21
|
+
config.secret ?? (config.secret = process.env.MULGUARD_SECRET ?? process.env.AUTH_SECRET ?? process.env.NEXTAUTH_SECRET);
|
|
22
|
+
const url = process.env.MULGUARD_URL ?? process.env.AUTH_URL ?? process.env.NEXTAUTH_URL;
|
|
23
|
+
if (!url)
|
|
24
|
+
return;
|
|
25
|
+
const { pathname } = new URL(url);
|
|
26
|
+
if (pathname === "/")
|
|
27
|
+
return;
|
|
28
|
+
config.basePath || (config.basePath = pathname);
|
|
29
|
+
}
|
|
30
|
+
catch {
|
|
31
|
+
// Catching and swallowing potential URL parsing errors, we'll fall
|
|
32
|
+
// back to `/api/auth` below.
|
|
33
|
+
}
|
|
34
|
+
finally {
|
|
35
|
+
config.basePath || (config.basePath = "/api/auth");
|
|
36
|
+
coreSetEnvDefaults(process.env, config, true);
|
|
37
|
+
}
|
|
38
|
+
}
|
package/lib/index.d.ts
ADDED
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import { type AuthConfig } from "@mulverse/mulguard-core";
|
|
2
|
+
import { NextResponse } from "next/server";
|
|
3
|
+
import type { Awaitable, Session } from "@mulverse/mulguard-core/types";
|
|
4
|
+
import type { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from "next";
|
|
5
|
+
import type { AppRouteHandlerFn } from "./types.js";
|
|
6
|
+
import type { NextFetchEvent, NextMiddleware, NextRequest } from "next/server";
|
|
7
|
+
/** Configure MulGuard. */
|
|
8
|
+
export interface MulGuardConfig extends Omit<AuthConfig, "raw"> {
|
|
9
|
+
/**
|
|
10
|
+
* Callbacks are asynchronous functions you can use to control what happens when an auth-related action is performed.
|
|
11
|
+
* Callbacks **allow you to implement access controls without a database** or to **integrate with external databases or APIs**.
|
|
12
|
+
*/
|
|
13
|
+
callbacks?: AuthConfig["callbacks"] & {
|
|
14
|
+
/**
|
|
15
|
+
* Invoked when a user needs authorization, using [Middleware](https://nextjs.org/docs/advanced-features/middleware).
|
|
16
|
+
*
|
|
17
|
+
* You can override this behavior by returning a {@link NextResponse}.
|
|
18
|
+
*
|
|
19
|
+
* @example
|
|
20
|
+
* ```ts title="app/auth.ts"
|
|
21
|
+
* async authorized({ request, auth }) {
|
|
22
|
+
* const url = request.nextUrl
|
|
23
|
+
*
|
|
24
|
+
* if(request.method === "POST") {
|
|
25
|
+
* const { authToken } = (await request.json()) ?? {}
|
|
26
|
+
* // If the request has a valid auth token, it is authorized
|
|
27
|
+
* const valid = await validateAuthToken(authToken)
|
|
28
|
+
* if(valid) return true
|
|
29
|
+
* return NextResponse.json("Invalid auth token", { status: 401 })
|
|
30
|
+
* }
|
|
31
|
+
*
|
|
32
|
+
* // Logged in users are authenticated, otherwise redirect to login page
|
|
33
|
+
* return !!auth.user
|
|
34
|
+
* }
|
|
35
|
+
* ```
|
|
36
|
+
*
|
|
37
|
+
* :::warning
|
|
38
|
+
* If you are returning a redirect response, make sure that the page you are redirecting to is not protected by this callback,
|
|
39
|
+
* otherwise you could end up in an infinite redirect loop.
|
|
40
|
+
* :::
|
|
41
|
+
*/
|
|
42
|
+
authorized?: (params: {
|
|
43
|
+
/** The request to be authorized. */
|
|
44
|
+
request: NextRequest;
|
|
45
|
+
/** The authenticated user or token, if any. */
|
|
46
|
+
auth: Session | null;
|
|
47
|
+
}) => Awaitable<boolean | NextResponse | Response | undefined>;
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
export interface MulGuardRequest extends NextRequest {
|
|
51
|
+
auth: Session | null;
|
|
52
|
+
}
|
|
53
|
+
export type MulGuardMiddleware = (request: MulGuardRequest, event: NextFetchEvent) => ReturnType<NextMiddleware>;
|
|
54
|
+
export type WithAuthArgs = [MulGuardRequest, any] | [MulGuardMiddleware] | [AppRouteHandlerFn] | [NextApiRequest, NextApiResponse] | [GetServerSidePropsContext] | [];
|
|
55
|
+
export declare function initAuth(config: MulGuardConfig | ((request: NextRequest | undefined) => Awaitable<MulGuardConfig>), onLazyLoad?: (config: MulGuardConfig) => void): (...args: WithAuthArgs) => Promise<any> | ((...args: Parameters<MulGuardMiddleware | AppRouteHandlerFn>) => Promise<Response>);
|
|
56
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/lib/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAyB,KAAK,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAIhF,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAG1C,OAAO,KAAK,EAAc,SAAS,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAA;AACnF,OAAO,KAAK,EACV,yBAAyB,EACzB,cAAc,EACd,eAAe,EAChB,MAAM,MAAM,CAAA;AACb,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAEnD,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAE9E,0BAA0B;AAC1B,MAAM,WAAW,cAAe,SAAQ,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC;IAC7D;;;OAGG;IACH,SAAS,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,GAAG;QACpC;;;;;;;;;;;;;;;;;;;;;;;;;;;WA2BG;QACH,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE;YACpB,oCAAoC;YACpC,OAAO,EAAE,WAAW,CAAA;YACpB,+CAA+C;YAC/C,IAAI,EAAE,OAAO,GAAG,IAAI,CAAA;SACrB,KAAK,SAAS,CAAC,OAAO,GAAG,YAAY,GAAG,QAAQ,GAAG,SAAS,CAAC,CAAA;KAC/D,CAAA;CACF;AAuCD,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,IAAI,EAAE,OAAO,GAAG,IAAI,CAAA;CACrB;AAED,MAAM,MAAM,kBAAkB,GAAG,CAC/B,OAAO,EAAE,eAAe,EACxB,KAAK,EAAE,cAAc,KAClB,UAAU,CAAC,cAAc,CAAC,CAAA;AAE/B,MAAM,MAAM,YAAY,GACpB,CAAC,eAAe,EAAE,GAAG,CAAC,GACtB,CAAC,kBAAkB,CAAC,GACpB,CAAC,iBAAiB,CAAC,GACnB,CAAC,cAAc,EAAE,eAAe,CAAC,GACjC,CAAC,yBAAyB,CAAC,GAC3B,EAAE,CAAA;AAMN,wBAAgB,QAAQ,CACtB,MAAM,EACF,cAAc,GACd,CAAC,CAAC,OAAO,EAAE,WAAW,GAAG,SAAS,KAAK,SAAS,CAAC,cAAc,CAAC,CAAC,EACrE,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,IAAI,aA2D5B,YAAY,+BAqBd,WAAW,kBAAkB,GAAG,iBAAiB,CAAC,wBA0BlE"}
|
package/lib/index.js
ADDED
|
@@ -0,0 +1,187 @@
|
|
|
1
|
+
import { Auth, createActionURL } from "@mulverse/mulguard-core";
|
|
2
|
+
// @ts-expect-error Next.js does not yet correctly use the `package.json#exports` field
|
|
3
|
+
import { headers } from "next/headers";
|
|
4
|
+
// @ts-expect-error Next.js does not yet correctly use the `package.json#exports` field
|
|
5
|
+
import { NextResponse } from "next/server";
|
|
6
|
+
import { reqWithEnvURL } from "./env.js";
|
|
7
|
+
async function getSession(headers, config) {
|
|
8
|
+
const url = createActionURL("session",
|
|
9
|
+
// @ts-expect-error `x-forwarded-proto` is not nullable, next.js sets it by default
|
|
10
|
+
headers.get("x-forwarded-proto"), headers, process.env, config);
|
|
11
|
+
const request = new Request(url, {
|
|
12
|
+
headers: { cookie: headers.get("cookie") ?? "" },
|
|
13
|
+
});
|
|
14
|
+
return Auth(request, {
|
|
15
|
+
...config,
|
|
16
|
+
callbacks: {
|
|
17
|
+
...config.callbacks,
|
|
18
|
+
// Since we are server-side, we don't need to filter out the session data
|
|
19
|
+
// See https://authjs.dev/getting-started/migrating-to-v5#authenticating-server-side
|
|
20
|
+
// TODO: Taint the session data to prevent accidental leakage to the client
|
|
21
|
+
// https://react.dev/reference/react/experimental_taintObjectReference
|
|
22
|
+
async session(...args) {
|
|
23
|
+
const session =
|
|
24
|
+
// If the user defined a custom session callback, use that instead
|
|
25
|
+
(await config.callbacks?.session?.(...args)) ?? {
|
|
26
|
+
...args[0].session,
|
|
27
|
+
expires: args[0].session.expires?.toISOString?.() ??
|
|
28
|
+
args[0].session.expires,
|
|
29
|
+
};
|
|
30
|
+
const user = args[0].user ?? args[0].token;
|
|
31
|
+
return { user, ...session };
|
|
32
|
+
},
|
|
33
|
+
},
|
|
34
|
+
});
|
|
35
|
+
}
|
|
36
|
+
function isReqWrapper(arg) {
|
|
37
|
+
return typeof arg === "function";
|
|
38
|
+
}
|
|
39
|
+
export function initAuth(config, onLazyLoad // To set the default env vars
|
|
40
|
+
) {
|
|
41
|
+
if (typeof config === "function") {
|
|
42
|
+
return async (...args) => {
|
|
43
|
+
if (!args.length) {
|
|
44
|
+
// React Server Components
|
|
45
|
+
const _headers = await headers();
|
|
46
|
+
const _config = await config(undefined); // Review: Should we pass headers() here instead?
|
|
47
|
+
onLazyLoad?.(_config);
|
|
48
|
+
return getSession(_headers, _config).then((r) => r.json());
|
|
49
|
+
}
|
|
50
|
+
if (args[0] instanceof Request) {
|
|
51
|
+
// middleware.ts inline
|
|
52
|
+
// export { auth as default } from "auth"
|
|
53
|
+
const req = args[0];
|
|
54
|
+
const ev = args[1];
|
|
55
|
+
const _config = await config(req);
|
|
56
|
+
onLazyLoad?.(_config);
|
|
57
|
+
// args[0] is supposed to be NextRequest but the instanceof check is failing.
|
|
58
|
+
return handleAuth([req, ev], _config);
|
|
59
|
+
}
|
|
60
|
+
if (isReqWrapper(args[0])) {
|
|
61
|
+
// middleware.ts wrapper/route.ts
|
|
62
|
+
// import { auth } from "auth"
|
|
63
|
+
// export default auth((req) => { console.log(req.auth) }})
|
|
64
|
+
const userMiddlewareOrRoute = args[0];
|
|
65
|
+
return async (...args) => {
|
|
66
|
+
const _config = await config(args[0]);
|
|
67
|
+
onLazyLoad?.(_config);
|
|
68
|
+
return handleAuth(args, _config, userMiddlewareOrRoute);
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
// API Routes, getServerSideProps
|
|
72
|
+
const request = "req" in args[0] ? args[0].req : args[0];
|
|
73
|
+
const response = "res" in args[0] ? args[0].res : args[1];
|
|
74
|
+
const _config = await config(request);
|
|
75
|
+
onLazyLoad?.(_config);
|
|
76
|
+
// @ts-expect-error -- request is NextRequest
|
|
77
|
+
return getSession(new Headers(request.headers), _config).then(async (authResponse) => {
|
|
78
|
+
const auth = await authResponse.json();
|
|
79
|
+
for (const cookie of authResponse.headers.getSetCookie())
|
|
80
|
+
if ("headers" in response)
|
|
81
|
+
response.headers.append("set-cookie", cookie);
|
|
82
|
+
else
|
|
83
|
+
response.appendHeader("set-cookie", cookie);
|
|
84
|
+
return auth;
|
|
85
|
+
});
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
return (...args) => {
|
|
89
|
+
if (!args.length) {
|
|
90
|
+
// React Server Components
|
|
91
|
+
return Promise.resolve(headers()).then((h) => getSession(h, config).then((r) => r.json()));
|
|
92
|
+
}
|
|
93
|
+
if (args[0] instanceof Request) {
|
|
94
|
+
// middleware.ts inline
|
|
95
|
+
// export { auth as default } from "auth"
|
|
96
|
+
const req = args[0];
|
|
97
|
+
const ev = args[1];
|
|
98
|
+
return handleAuth([req, ev], config);
|
|
99
|
+
}
|
|
100
|
+
if (isReqWrapper(args[0])) {
|
|
101
|
+
// middleware.ts wrapper/route.ts
|
|
102
|
+
// import { auth } from "auth"
|
|
103
|
+
// export default auth((req) => { console.log(req.auth) }})
|
|
104
|
+
const userMiddlewareOrRoute = args[0];
|
|
105
|
+
return async (...args) => {
|
|
106
|
+
return handleAuth(args, config, userMiddlewareOrRoute).then((res) => {
|
|
107
|
+
return res;
|
|
108
|
+
});
|
|
109
|
+
};
|
|
110
|
+
}
|
|
111
|
+
// API Routes, getServerSideProps
|
|
112
|
+
const request = "req" in args[0] ? args[0].req : args[0];
|
|
113
|
+
const response = "res" in args[0] ? args[0].res : args[1];
|
|
114
|
+
return getSession(
|
|
115
|
+
// @ts-expect-error
|
|
116
|
+
new Headers(request.headers), config).then(async (authResponse) => {
|
|
117
|
+
const auth = await authResponse.json();
|
|
118
|
+
for (const cookie of authResponse.headers.getSetCookie())
|
|
119
|
+
if ("headers" in response)
|
|
120
|
+
response.headers.append("set-cookie", cookie);
|
|
121
|
+
else
|
|
122
|
+
response.appendHeader("set-cookie", cookie);
|
|
123
|
+
return auth;
|
|
124
|
+
});
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
async function handleAuth(args, config, userMiddlewareOrRoute) {
|
|
128
|
+
const request = reqWithEnvURL(args[0]);
|
|
129
|
+
const sessionResponse = await getSession(request.headers, config);
|
|
130
|
+
const auth = await sessionResponse.json();
|
|
131
|
+
let authorized = true;
|
|
132
|
+
if (config.callbacks?.authorized) {
|
|
133
|
+
authorized = await config.callbacks.authorized({ request, auth });
|
|
134
|
+
}
|
|
135
|
+
let response = NextResponse.next?.();
|
|
136
|
+
if (authorized instanceof Response) {
|
|
137
|
+
// User returned a custom response, like redirecting to a page or 401, respect it
|
|
138
|
+
response = authorized;
|
|
139
|
+
const redirect = authorized.headers.get("Location");
|
|
140
|
+
const { pathname } = request.nextUrl;
|
|
141
|
+
// If the user is redirecting to the same MulGuard action path as the current request,
|
|
142
|
+
// don't allow the redirect to prevent an infinite loop
|
|
143
|
+
if (redirect &&
|
|
144
|
+
isSameAuthAction(pathname, new URL(redirect).pathname, config)) {
|
|
145
|
+
authorized = true;
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
else if (userMiddlewareOrRoute) {
|
|
149
|
+
// Execute user's middleware/handler with the augmented request
|
|
150
|
+
const augmentedReq = request;
|
|
151
|
+
augmentedReq.auth = auth;
|
|
152
|
+
response =
|
|
153
|
+
(await userMiddlewareOrRoute(augmentedReq, args[1])) ??
|
|
154
|
+
NextResponse.next();
|
|
155
|
+
}
|
|
156
|
+
else if (!authorized) {
|
|
157
|
+
const signInPage = config.pages?.signIn ?? `${config.basePath}/signin`;
|
|
158
|
+
if (request.nextUrl.pathname !== signInPage) {
|
|
159
|
+
// Redirect to signin page by default if not authorized
|
|
160
|
+
const signInUrl = request.nextUrl.clone();
|
|
161
|
+
signInUrl.pathname = signInPage;
|
|
162
|
+
signInUrl.searchParams.set("callbackUrl", request.nextUrl.href);
|
|
163
|
+
response = NextResponse.redirect(signInUrl);
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
const finalResponse = new Response(response?.body, response);
|
|
167
|
+
// Preserve cookies from the session response
|
|
168
|
+
for (const cookie of sessionResponse.headers.getSetCookie())
|
|
169
|
+
finalResponse.headers.append("set-cookie", cookie);
|
|
170
|
+
return finalResponse;
|
|
171
|
+
}
|
|
172
|
+
function isSameAuthAction(requestPath, redirectPath, config) {
|
|
173
|
+
const action = redirectPath.replace(`${requestPath}/`, "");
|
|
174
|
+
const pages = Object.values(config.pages ?? {});
|
|
175
|
+
return ((actions.has(action) || pages.includes(redirectPath)) &&
|
|
176
|
+
redirectPath === requestPath);
|
|
177
|
+
}
|
|
178
|
+
const actions = new Set([
|
|
179
|
+
"providers",
|
|
180
|
+
"session",
|
|
181
|
+
"csrf",
|
|
182
|
+
"signin",
|
|
183
|
+
"signout",
|
|
184
|
+
"callback",
|
|
185
|
+
"verify-request",
|
|
186
|
+
"error",
|
|
187
|
+
]);
|
package/lib/types.d.ts
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import type { NextRequest } from "next/server";
|
|
2
|
+
/**
|
|
3
|
+
* AppRouteHandlerFnContext is the context that is passed to the handler as the
|
|
4
|
+
* second argument.
|
|
5
|
+
*/
|
|
6
|
+
export type AppRouteHandlerFnContext = {
|
|
7
|
+
params: Promise<any>;
|
|
8
|
+
};
|
|
9
|
+
/**
|
|
10
|
+
* Handler function for app routes. If a non-Response value is returned, an error
|
|
11
|
+
* will be thrown.
|
|
12
|
+
*/
|
|
13
|
+
export type AppRouteHandlerFn = (
|
|
14
|
+
/**
|
|
15
|
+
* Incoming request object.
|
|
16
|
+
*/
|
|
17
|
+
req: NextRequest,
|
|
18
|
+
/**
|
|
19
|
+
* Context properties on the request (including the parameters if this was a
|
|
20
|
+
* dynamic route).
|
|
21
|
+
*/
|
|
22
|
+
ctx: AppRouteHandlerFnContext) => void | Response | Promise<void | Response>;
|
|
23
|
+
export type AppRouteHandlers = Record<"GET" | "POST", (req: NextRequest) => Promise<Response>>;
|
|
24
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/lib/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAE9C;;;GAGG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;CACrB,CAAA;AACD;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG;AAC9B;;GAEG;AACH,GAAG,EAAE,WAAW;AAChB;;;GAGG;AACH,GAAG,EAAE,wBAAwB,KAC1B,IAAI,GAAG,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,QAAQ,CAAC,CAAA;AAE/C,MAAM,MAAM,gBAAgB,GAAG,MAAM,CACnC,KAAK,GAAG,MAAM,EACd,CAAC,GAAG,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CACxC,CAAA"}
|
package/lib/types.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/middleware.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["src/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,OAAO,EAAE,CAAA"}
|
package/middleware.js
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* :::warning Deprecated
|
|
3
|
+
* This module is replaced in v5. Read more at: https://authjs.dev/getting-started/migrating-to-v5#authenticating-server-side
|
|
4
|
+
* :::
|
|
5
|
+
*
|
|
6
|
+
* @module middleware
|
|
7
|
+
*/
|
|
8
|
+
throw new ReferenceError([
|
|
9
|
+
'"mulguard/middleware" is deprecated. If you are not ready to migrate, keep using "next-auth@4".',
|
|
10
|
+
"Read more on https://mulverse.com",
|
|
11
|
+
].join("\n"));
|
|
12
|
+
export {};
|
package/next.d.ts
ADDED
package/next.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"next.d.ts","sourceRoot":"","sources":["src/next.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,OAAO,EAAE,CAAA"}
|
package/next.js
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* :::warning Deprecated
|
|
3
|
+
* This module is replaced in v5. Read more at: https://authjs.dev/getting-started/migrating-to-v5#authenticating-server-side
|
|
4
|
+
* :::
|
|
5
|
+
*
|
|
6
|
+
* @module next
|
|
7
|
+
*/
|
|
8
|
+
throw new ReferenceError([
|
|
9
|
+
'"mulguard/next" is deprecated. If you are not ready to migrate, keep using "next-auth@4".',
|
|
10
|
+
"Read more on https://mulverse.com",
|
|
11
|
+
].join("\n"));
|
|
12
|
+
export {};
|