naystack 1.1.11 → 1.1.12-beta.10

package/dist/auth/email/index.cjs.js

@@ -0,0 +1,226 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/auth/email/index.ts
+var email_exports = {};
+__export(email_exports, {
+  getEmailAuthRoutes: () => getEmailAuthRoutes
+});
+module.exports = __toCommonJS(email_exports);
+
+// src/auth/email/utils.ts
+var import_jsonwebtoken2 = require("jsonwebtoken");
+
+// src/auth/email/token.ts
+var import_bcryptjs = require("bcryptjs");
+var import_jsonwebtoken = require("jsonwebtoken");
+var import_server = require("next/server");
+function generateAccessToken(id, signingKey) {
+  return (0, import_jsonwebtoken.sign)({ id }, signingKey, {
+    expiresIn: "2h"
+  });
+}
+function generateRefreshToken(id, refreshKey) {
+  return (0, import_jsonwebtoken.sign)({ id }, refreshKey);
+}
+function getTokenizedResponse(accessToken, refreshToken) {
+  const body = { accessToken, refreshToken };
+  const response = import_server.NextResponse.json(body, {
+    status: 200
+  });
+  if (!accessToken) {
+    response.cookies.set("refresh", "", {
+      secure: false,
+      httpOnly: true,
+      expires: 0
+    });
+  }
+  if (refreshToken !== void 0) {
+    response.cookies.set("refresh", refreshToken, {
+      secure: false,
+      httpOnly: true,
+      expires: refreshToken === "" ? 0 : new Date(Date.now() + 60 * 60 * 24 * 365 * 1e3)
+    });
+  }
+  return response;
+}
+function getUserIdFromRefreshToken(refreshKey, refreshToken) {
+  if (refreshToken)
+    try {
+      const decoded = (0, import_jsonwebtoken.verify)(refreshToken, refreshKey);
+      if (typeof decoded !== "string" && typeof decoded.id === "number")
+        return decoded.id;
+    } catch (e) {
+      if (!(e instanceof import_jsonwebtoken.JsonWebTokenError)) console.error(e, "errors");
+      return null;
+    }
+  return null;
+}
+function verifyUser(user, password) {
+  if (!user.password) return false;
+  return (0, import_bcryptjs.compare)(password, user.password);
+}
+
+// src/auth/utils/errors.ts
+var import_server2 = require("next/server");
+function handleError(status, message, onError) {
+  const res = onError?.({ status, message });
+  if (res) return res;
+  return new import_server2.NextResponse(message, { status });
+}
+
+// src/auth/email/utils.ts
+async function massageRequest(req, options) {
+  const data = await req.json();
+  if (!data.email || !data.password)
+    return {
+      error: handleError(400, "Missing email or password", options.onError)
+    };
+  if (options.turnstileKey) {
+    if (!data.captchaToken)
+      return { error: handleError(400, "Missing captcha", options.onError) };
+    if (!await verifyCaptcha(data.captchaToken, options.turnstileKey))
+      return {
+        error: handleError(400, "Invalid captcha", options.onError)
+      };
+  }
+  return {
+    data: {
+      email: data.email,
+      password: data.password,
+      ...data
+    }
+  };
+}
+async function verifyCaptcha(token, secret) {
+  const res = await fetch(
+    "https://challenges.cloudflare.com/turnstile/v0/siteverify",
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        secret,
+        response: token
+      })
+    }
+  );
+  if (res.ok) {
+    const data = await res.json();
+    return data.success;
+  }
+  return false;
+}
+var getUserContext = (refreshKey, signingKey, req) => {
+  const bearer = req.headers.get("authorization");
+  if (!bearer) {
+    const refresh = req.cookies.get("refresh")?.value;
+    const userId = getUserIdFromRefreshToken(refreshKey, refresh);
+    if (userId) return { refreshUserID: userId };
+    return null;
+  }
+  const token = bearer.slice(7);
+  try {
+    const res = (0, import_jsonwebtoken2.verify)(token, signingKey);
+    if (typeof res === "string") {
+      return null;
+    }
+    return {
+      accessUserId: res.id
+    };
+  } catch {
+  }
+  return null;
+};
+
+// src/auth/email/routes/delete.ts
+var getDeleteRoute = () => () => getTokenizedResponse(void 0, "");
+
+// src/auth/email/routes/get.ts
+var getGetRoute = (options) => (req) => {
+  const refresh = req.cookies.get("refresh")?.value;
+  const userID = getUserIdFromRefreshToken(options.refreshKey, refresh);
+  if (userID)
+    return getTokenizedResponse(
+      generateAccessToken(userID, options.signingKey)
+    );
+  return getTokenizedResponse();
+};
+
+// src/auth/email/routes/post.ts
+var import_bcryptjs2 = require("bcryptjs");
+var getPostRoute = (options) => async (req) => {
+  const { data, error } = await massageRequest(req, options);
+  if (error || !data) return error;
+  const existingUser = await options.getUser(data.email);
+  if (existingUser) {
+    if (await verifyUser(existingUser, data.password)) {
+      return getTokenizedResponse(
+        generateAccessToken(existingUser.id, options.signingKey),
+        generateRefreshToken(existingUser.id, options.refreshKey)
+      );
+    }
+    return handleError(400, "A user already exists", options.onError);
+  }
+  const encryptedPassword = await (0, import_bcryptjs2.hash)(data.password, 10);
+  const newUser = await options.createUser({
+    ...data,
+    password: encryptedPassword
+  });
+  if (newUser) {
+    options.onSignUp?.(newUser);
+    return getTokenizedResponse(
+      generateAccessToken(newUser.id, options.signingKey),
+      generateRefreshToken(newUser.id, options.refreshKey)
+    );
+  }
+  return getTokenizedResponse();
+};
+
+// src/auth/email/routes/put.ts
+var getPutRoute = (options) => async (req) => {
+  const { data, error } = await massageRequest(req, options);
+  if (error || !data) return error;
+  const user = await options.getUser(data.email);
+  if (!user)
+    return handleError(400, "A user does not exist", options.onError);
+  if (await verifyUser(user, data.password)) {
+    return getTokenizedResponse(
+      generateAccessToken(user.id, options.signingKey),
+      generateRefreshToken(user.id, options.refreshKey)
+    );
+  }
+  return handleError(403, "Invalid password", options.onError);
+};
+
+// src/auth/email/index.ts
+function getEmailAuthRoutes(options) {
+  return {
+    GET: getGetRoute(options),
+    POST: getPostRoute(options),
+    PUT: getPutRoute(options),
+    DELETE: getDeleteRoute(),
+    getUserIdFromRequest: (req) => getUserContext(options.refreshKey, options.signingKey, req)
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getEmailAuthRoutes
+});

package/dist/auth/email/index.d.mts

@@ -0,0 +1,23 @@
+import * as next_server from 'next/server';
+import { NextRequest } from 'next/server';
+import { InitRoutesOptions } from './types.mjs';
+import '../types.mjs';
+
+declare function getEmailAuthRoutes(options: InitRoutesOptions): {
+    GET: (req: NextRequest) => next_server.NextResponse<{
+        accessToken: string | undefined;
+        refreshToken: string | undefined;
+    }>;
+    POST: (req: NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
+    PUT: (req: NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
+    DELETE: () => next_server.NextResponse<{
+        accessToken: string | undefined;
+        refreshToken: string | undefined;
+    }>;
+    getUserIdFromRequest: (req: NextRequest) => {
+        refreshUserID?: number;
+        accessUserId?: number;
+    } | null;
+};
+
+export { getEmailAuthRoutes };

package/dist/auth/email/index.d.ts

@@ -0,0 +1,23 @@
+import * as next_server from 'next/server';
+import { NextRequest } from 'next/server';
+import { InitRoutesOptions } from './types.js';
+import '../types.js';
+
+declare function getEmailAuthRoutes(options: InitRoutesOptions): {
+    GET: (req: NextRequest) => next_server.NextResponse<{
+        accessToken: string | undefined;
+        refreshToken: string | undefined;
+    }>;
+    POST: (req: NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
+    PUT: (req: NextRequest) => Promise<next_server.NextResponse<unknown> | undefined>;
+    DELETE: () => next_server.NextResponse<{
+        accessToken: string | undefined;
+        refreshToken: string | undefined;
+    }>;
+    getUserIdFromRequest: (req: NextRequest) => {
+        refreshUserID?: number;
+        accessUserId?: number;
+    } | null;
+};
+
+export { getEmailAuthRoutes };

package/dist/auth/email/index.esm.js

@@ -0,0 +1,199 @@
+// src/auth/email/utils.ts
+import { verify as verify2 } from "jsonwebtoken";
+
+// src/auth/email/token.ts
+import { compare } from "bcryptjs";
+import { JsonWebTokenError, sign, verify } from "jsonwebtoken";
+import { NextResponse } from "next/server";
+function generateAccessToken(id, signingKey) {
+  return sign({ id }, signingKey, {
+    expiresIn: "2h"
+  });
+}
+function generateRefreshToken(id, refreshKey) {
+  return sign({ id }, refreshKey);
+}
+function getTokenizedResponse(accessToken, refreshToken) {
+  const body = { accessToken, refreshToken };
+  const response = NextResponse.json(body, {
+    status: 200
+  });
+  if (!accessToken) {
+    response.cookies.set("refresh", "", {
+      secure: false,
+      httpOnly: true,
+      expires: 0
+    });
+  }
+  if (refreshToken !== void 0) {
+    response.cookies.set("refresh", refreshToken, {
+      secure: false,
+      httpOnly: true,
+      expires: refreshToken === "" ? 0 : new Date(Date.now() + 60 * 60 * 24 * 365 * 1e3)
+    });
+  }
+  return response;
+}
+function getUserIdFromRefreshToken(refreshKey, refreshToken) {
+  if (refreshToken)
+    try {
+      const decoded = verify(refreshToken, refreshKey);
+      if (typeof decoded !== "string" && typeof decoded.id === "number")
+        return decoded.id;
+    } catch (e) {
+      if (!(e instanceof JsonWebTokenError)) console.error(e, "errors");
+      return null;
+    }
+  return null;
+}
+function verifyUser(user, password) {
+  if (!user.password) return false;
+  return compare(password, user.password);
+}
+
+// src/auth/utils/errors.ts
+import { NextResponse as NextResponse2 } from "next/server";
+function handleError(status, message, onError) {
+  const res = onError?.({ status, message });
+  if (res) return res;
+  return new NextResponse2(message, { status });
+}
+
+// src/auth/email/utils.ts
+async function massageRequest(req, options) {
+  const data = await req.json();
+  if (!data.email || !data.password)
+    return {
+      error: handleError(400, "Missing email or password", options.onError)
+    };
+  if (options.turnstileKey) {
+    if (!data.captchaToken)
+      return { error: handleError(400, "Missing captcha", options.onError) };
+    if (!await verifyCaptcha(data.captchaToken, options.turnstileKey))
+      return {
+        error: handleError(400, "Invalid captcha", options.onError)
+      };
+  }
+  return {
+    data: {
+      email: data.email,
+      password: data.password,
+      ...data
+    }
+  };
+}
+async function verifyCaptcha(token, secret) {
+  const res = await fetch(
+    "https://challenges.cloudflare.com/turnstile/v0/siteverify",
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        secret,
+        response: token
+      })
+    }
+  );
+  if (res.ok) {
+    const data = await res.json();
+    return data.success;
+  }
+  return false;
+}
+var getUserContext = (refreshKey, signingKey, req) => {
+  const bearer = req.headers.get("authorization");
+  if (!bearer) {
+    const refresh = req.cookies.get("refresh")?.value;
+    const userId = getUserIdFromRefreshToken(refreshKey, refresh);
+    if (userId) return { refreshUserID: userId };
+    return null;
+  }
+  const token = bearer.slice(7);
+  try {
+    const res = verify2(token, signingKey);
+    if (typeof res === "string") {
+      return null;
+    }
+    return {
+      accessUserId: res.id
+    };
+  } catch {
+  }
+  return null;
+};
+
+// src/auth/email/routes/delete.ts
+var getDeleteRoute = () => () => getTokenizedResponse(void 0, "");
+
+// src/auth/email/routes/get.ts
+var getGetRoute = (options) => (req) => {
+  const refresh = req.cookies.get("refresh")?.value;
+  const userID = getUserIdFromRefreshToken(options.refreshKey, refresh);
+  if (userID)
+    return getTokenizedResponse(
+      generateAccessToken(userID, options.signingKey)
+    );
+  return getTokenizedResponse();
+};
+
+// src/auth/email/routes/post.ts
+import { hash } from "bcryptjs";
+var getPostRoute = (options) => async (req) => {
+  const { data, error } = await massageRequest(req, options);
+  if (error || !data) return error;
+  const existingUser = await options.getUser(data.email);
+  if (existingUser) {
+    if (await verifyUser(existingUser, data.password)) {
+      return getTokenizedResponse(
+        generateAccessToken(existingUser.id, options.signingKey),
+        generateRefreshToken(existingUser.id, options.refreshKey)
+      );
+    }
+    return handleError(400, "A user already exists", options.onError);
+  }
+  const encryptedPassword = await hash(data.password, 10);
+  const newUser = await options.createUser({
+    ...data,
+    password: encryptedPassword
+  });
+  if (newUser) {
+    options.onSignUp?.(newUser);
+    return getTokenizedResponse(
+      generateAccessToken(newUser.id, options.signingKey),
+      generateRefreshToken(newUser.id, options.refreshKey)
+    );
+  }
+  return getTokenizedResponse();
+};
+
+// src/auth/email/routes/put.ts
+var getPutRoute = (options) => async (req) => {
+  const { data, error } = await massageRequest(req, options);
+  if (error || !data) return error;
+  const user = await options.getUser(data.email);
+  if (!user)
+    return handleError(400, "A user does not exist", options.onError);
+  if (await verifyUser(user, data.password)) {
+    return getTokenizedResponse(
+      generateAccessToken(user.id, options.signingKey),
+      generateRefreshToken(user.id, options.refreshKey)
+    );
+  }
+  return handleError(403, "Invalid password", options.onError);
+};
+
+// src/auth/email/index.ts
+function getEmailAuthRoutes(options) {
+  return {
+    GET: getGetRoute(options),
+    POST: getPostRoute(options),
+    PUT: getPutRoute(options),
+    DELETE: getDeleteRoute(),
+    getUserIdFromRequest: (req) => getUserContext(options.refreshKey, options.signingKey, req)
+  };
+}
+export {
+  getEmailAuthRoutes
+};

package/dist/auth/email/routes/delete.cjs.js

@@ -0,0 +1,58 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/auth/email/routes/delete.ts
+var delete_exports = {};
+__export(delete_exports, {
+  getDeleteRoute: () => getDeleteRoute
+});
+module.exports = __toCommonJS(delete_exports);
+
+// src/auth/email/token.ts
+var import_bcryptjs = require("bcryptjs");
+var import_jsonwebtoken = require("jsonwebtoken");
+var import_server = require("next/server");
+function getTokenizedResponse(accessToken, refreshToken) {
+  const body = { accessToken, refreshToken };
+  const response = import_server.NextResponse.json(body, {
+    status: 200
+  });
+  if (!accessToken) {
+    response.cookies.set("refresh", "", {
+      secure: false,
+      httpOnly: true,
+      expires: 0
+    });
+  }
+  if (refreshToken !== void 0) {
+    response.cookies.set("refresh", refreshToken, {
+      secure: false,
+      httpOnly: true,
+      expires: refreshToken === "" ? 0 : new Date(Date.now() + 60 * 60 * 24 * 365 * 1e3)
+    });
+  }
+  return response;
+}
+
+// src/auth/email/routes/delete.ts
+var getDeleteRoute = () => () => getTokenizedResponse(void 0, "");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getDeleteRoute
+});

package/dist/auth/email/routes/delete.d.mts

@@ -0,0 +1,8 @@
+import * as next_server from 'next/server';
+
+declare const getDeleteRoute: () => () => next_server.NextResponse<{
+    accessToken: string | undefined;
+    refreshToken: string | undefined;
+}>;
+
+export { getDeleteRoute };

package/dist/auth/email/routes/delete.d.ts

@@ -0,0 +1,8 @@
+import * as next_server from 'next/server';
+
+declare const getDeleteRoute: () => () => next_server.NextResponse<{
+    accessToken: string | undefined;
+    refreshToken: string | undefined;
+}>;
+
+export { getDeleteRoute };

package/dist/auth/email/routes/delete.esm.js

@@ -0,0 +1,31 @@
+// src/auth/email/token.ts
+import { compare } from "bcryptjs";
+import { JsonWebTokenError, sign, verify } from "jsonwebtoken";
+import { NextResponse } from "next/server";
+function getTokenizedResponse(accessToken, refreshToken) {
+  const body = { accessToken, refreshToken };
+  const response = NextResponse.json(body, {
+    status: 200
+  });
+  if (!accessToken) {
+    response.cookies.set("refresh", "", {
+      secure: false,
+      httpOnly: true,
+      expires: 0
+    });
+  }
+  if (refreshToken !== void 0) {
+    response.cookies.set("refresh", refreshToken, {
+      secure: false,
+      httpOnly: true,
+      expires: refreshToken === "" ? 0 : new Date(Date.now() + 60 * 60 * 24 * 365 * 1e3)
+    });
+  }
+  return response;
+}
+
+// src/auth/email/routes/delete.ts
+var getDeleteRoute = () => () => getTokenizedResponse(void 0, "");
+export {
+  getDeleteRoute
+};

package/dist/auth/email/routes/get.cjs.js

@@ -0,0 +1,83 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/auth/email/routes/get.ts
+var get_exports = {};
+__export(get_exports, {
+  getGetRoute: () => getGetRoute
+});
+module.exports = __toCommonJS(get_exports);
+
+// src/auth/email/token.ts
+var import_bcryptjs = require("bcryptjs");
+var import_jsonwebtoken = require("jsonwebtoken");
+var import_server = require("next/server");
+function generateAccessToken(id, signingKey) {
+  return (0, import_jsonwebtoken.sign)({ id }, signingKey, {
+    expiresIn: "2h"
+  });
+}
+function getTokenizedResponse(accessToken, refreshToken) {
+  const body = { accessToken, refreshToken };
+  const response = import_server.NextResponse.json(body, {
+    status: 200
+  });
+  if (!accessToken) {
+    response.cookies.set("refresh", "", {
+      secure: false,
+      httpOnly: true,
+      expires: 0
+    });
+  }
+  if (refreshToken !== void 0) {
+    response.cookies.set("refresh", refreshToken, {
+      secure: false,
+      httpOnly: true,
+      expires: refreshToken === "" ? 0 : new Date(Date.now() + 60 * 60 * 24 * 365 * 1e3)
+    });
+  }
+  return response;
+}
+function getUserIdFromRefreshToken(refreshKey, refreshToken) {
+  if (refreshToken)
+    try {
+      const decoded = (0, import_jsonwebtoken.verify)(refreshToken, refreshKey);
+      if (typeof decoded !== "string" && typeof decoded.id === "number")
+        return decoded.id;
+    } catch (e) {
+      if (!(e instanceof import_jsonwebtoken.JsonWebTokenError)) console.error(e, "errors");
+      return null;
+    }
+  return null;
+}
+
+// src/auth/email/routes/get.ts
+var getGetRoute = (options) => (req) => {
+  const refresh = req.cookies.get("refresh")?.value;
+  const userID = getUserIdFromRefreshToken(options.refreshKey, refresh);
+  if (userID)
+    return getTokenizedResponse(
+      generateAccessToken(userID, options.signingKey)
+    );
+  return getTokenizedResponse();
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getGetRoute
+});

package/dist/auth/email/routes/get.d.mts

@@ -0,0 +1,11 @@
+import * as next_server from 'next/server';
+import { NextRequest } from 'next/server';
+import { InitRoutesOptions } from '../types.mjs';
+import '../../types.mjs';
+
+declare const getGetRoute: (options: InitRoutesOptions) => (req: NextRequest) => next_server.NextResponse<{
+    accessToken: string | undefined;
+    refreshToken: string | undefined;
+}>;
+
+export { getGetRoute };

package/dist/auth/email/routes/get.d.ts

@@ -0,0 +1,11 @@
+import * as next_server from 'next/server';
+import { NextRequest } from 'next/server';
+import { InitRoutesOptions } from '../types.js';
+import '../../types.js';
+
+declare const getGetRoute: (options: InitRoutesOptions) => (req: NextRequest) => next_server.NextResponse<{
+    accessToken: string | undefined;
+    refreshToken: string | undefined;
+}>;
+
+export { getGetRoute };