naystack 1.4.16 → 1.4.21

package/dist/auth/google/index.esm.js

@@ -10,6 +10,55 @@ import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
 import { NextResponse } from "next/server";
 
+// src/env.ts
+var getEnvValue = (key) => {
+  switch (key) {
+    case "NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GRAPHQL_ENDPOINT;
+    case "NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT" /* NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT" /* NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_FILE_ENDPOINT" /* NEXT_PUBLIC_FILE_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_FILE_ENDPOINT;
+    case "NEXT_PUBLIC_BASE_URL" /* NEXT_PUBLIC_BASE_URL */:
+      return process.env.NEXT_PUBLIC_BASE_URL;
+    case "REFRESH_KEY" /* REFRESH_KEY */:
+      return process.env.REFRESH_KEY;
+    case "SIGNING_KEY" /* SIGNING_KEY */:
+      return process.env.SIGNING_KEY;
+    case "INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */:
+      return process.env.INSTAGRAM_CLIENT_SECRET;
+    case "INSTAGRAM_CLIENT_ID" /* INSTAGRAM_CLIENT_ID */:
+      return process.env.INSTAGRAM_CLIENT_ID;
+    case "GOOGLE_CLIENT_SECRET" /* GOOGLE_CLIENT_SECRET */:
+      return process.env.GOOGLE_CLIENT_SECRET;
+    case "GOOGLE_CLIENT_ID" /* GOOGLE_CLIENT_ID */:
+      return process.env.GOOGLE_CLIENT_ID;
+    case "TURNSTILE_KEY" /* TURNSTILE_KEY */:
+      return process.env.TURNSTILE_KEY;
+    case "AWS_ACCESS_KEY_ID" /* AWS_ACCESS_KEY_ID */:
+      return process.env.AWS_ACCESS_KEY_ID;
+    case "AWS_ACCESS_KEY_SECRET" /* AWS_ACCESS_KEY_SECRET */:
+      return process.env.AWS_ACCESS_KEY_SECRET;
+    case "AWS_REGION" /* AWS_REGION */:
+      return process.env.AWS_REGION;
+    case "AWS_BUCKET" /* AWS_BUCKET */:
+      return process.env.AWS_BUCKET;
+    case "NODE_ENV" /* NODE_ENV */:
+      return process.env.NODE_ENV;
+    default:
+      return process.env[key];
+  }
+};
+function getEnv(key, skipCheck) {
+  const value = getEnvValue(key);
+  if (!skipCheck && !value) throw new Error(`${key} is not defined`);
+  return value;
+}
+
 // src/auth/constants.ts
 var REFRESH_COOKIE_NAME = "refresh";
 
@@ -22,13 +71,14 @@ function generateRefreshToken(id, refreshKey) {
 var getGoogleGetRoute = ({
   getUserIdFromEmail,
   redirectURL,
-  errorRedirectURL,
-  clientId,
-  clientSecret,
-  keys
+  errorRedirectURL
 }) => {
-  const url = process.env.NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT;
-  const oauth2Client = new google.auth.OAuth2(clientId, clientSecret, url);
+  const url = getEnv("NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT" /* NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT */);
+  const oauth2Client = new google.auth.OAuth2(
+    getEnv("GOOGLE_CLIENT_ID" /* GOOGLE_CLIENT_ID */),
+    getEnv("GOOGLE_CLIENT_SECRET" /* GOOGLE_CLIENT_SECRET */),
+    url
+  );
   return async (req) => {
     const code = req.nextUrl.searchParams.get("code");
     const error = req.nextUrl.searchParams.get("error");
@@ -72,7 +122,7 @@ var getGoogleGetRoute = ({
         if (id) {
           res.cookies.set(
             REFRESH_COOKIE_NAME,
-            generateRefreshToken(id, keys.refresh),
+            generateRefreshToken(id, getEnv("REFRESH_KEY" /* REFRESH_KEY */)),
             {
               httpOnly: true,
               secure: true

package/dist/auth/index.cjs.js

@@ -37,6 +37,55 @@ var import_headers = require("next/headers");
 var import_navigation = require("next/navigation");
 var import_server = require("next/server");
 
+// src/env.ts
+var getEnvValue = (key) => {
+  switch (key) {
+    case "NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GRAPHQL_ENDPOINT;
+    case "NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT" /* NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT" /* NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_FILE_ENDPOINT" /* NEXT_PUBLIC_FILE_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_FILE_ENDPOINT;
+    case "NEXT_PUBLIC_BASE_URL" /* NEXT_PUBLIC_BASE_URL */:
+      return process.env.NEXT_PUBLIC_BASE_URL;
+    case "REFRESH_KEY" /* REFRESH_KEY */:
+      return process.env.REFRESH_KEY;
+    case "SIGNING_KEY" /* SIGNING_KEY */:
+      return process.env.SIGNING_KEY;
+    case "INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */:
+      return process.env.INSTAGRAM_CLIENT_SECRET;
+    case "INSTAGRAM_CLIENT_ID" /* INSTAGRAM_CLIENT_ID */:
+      return process.env.INSTAGRAM_CLIENT_ID;
+    case "GOOGLE_CLIENT_SECRET" /* GOOGLE_CLIENT_SECRET */:
+      return process.env.GOOGLE_CLIENT_SECRET;
+    case "GOOGLE_CLIENT_ID" /* GOOGLE_CLIENT_ID */:
+      return process.env.GOOGLE_CLIENT_ID;
+    case "TURNSTILE_KEY" /* TURNSTILE_KEY */:
+      return process.env.TURNSTILE_KEY;
+    case "AWS_ACCESS_KEY_ID" /* AWS_ACCESS_KEY_ID */:
+      return process.env.AWS_ACCESS_KEY_ID;
+    case "AWS_ACCESS_KEY_SECRET" /* AWS_ACCESS_KEY_SECRET */:
+      return process.env.AWS_ACCESS_KEY_SECRET;
+    case "AWS_REGION" /* AWS_REGION */:
+      return process.env.AWS_REGION;
+    case "AWS_BUCKET" /* AWS_BUCKET */:
+      return process.env.AWS_BUCKET;
+    case "NODE_ENV" /* NODE_ENV */:
+      return process.env.NODE_ENV;
+    default:
+      return process.env[key];
+  }
+};
+function getEnv(key, skipCheck) {
+  const value = getEnvValue(key);
+  if (!skipCheck && !value) throw new Error(`${key} is not defined`);
+  return value;
+}
+
 // src/auth/constants.ts
 var REFRESH_COOKIE_NAME = "refresh";
 
@@ -83,9 +132,9 @@ function getUserIdFromRefreshToken(refreshKey, refreshToken) {
   return null;
 }
 function getUserIdFromAccessToken(refreshToken) {
-  if (refreshToken && process.env.SIGNING_KEY)
+  if (refreshToken)
     try {
-      const decoded = (0, import_jsonwebtoken.verify)(refreshToken, process.env.SIGNING_KEY);
+      const decoded = (0, import_jsonwebtoken.verify)(refreshToken, getEnv("SIGNING_KEY" /* SIGNING_KEY */));
       if (typeof decoded !== "string" && typeof decoded.id === "number")
         return decoded.id;
     } catch (e) {
@@ -121,12 +170,13 @@ async function massageRequest(req, options) {
     return {
       error: handleError(400, "Missing password", options.onError)
     };
-  if (options.turnstileKey) {
+  const turnstileKey = getEnv("TURNSTILE_KEY" /* TURNSTILE_KEY */, true);
+  if (turnstileKey) {
     if (!data.captchaToken)
       return {
         error: handleError(400, "Missing captchaToken", options.onError)
       };
-    if (!await verifyCaptcha(data.captchaToken, options.turnstileKey))
+    if (!await verifyCaptcha(data.captchaToken, turnstileKey))
       return {
         error: handleError(400, "Invalid captcha", options.onError)
       };
@@ -159,17 +209,20 @@ async function verifyCaptcha(token, secret) {
   }
   return false;
 }
-var getContext = (keys, req) => {
+var getContext = (req) => {
   const bearer = req.headers.get("authorization");
   if (!bearer) {
     const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-    const userId = getUserIdFromRefreshToken(keys.refresh, refresh);
+    const userId = getUserIdFromRefreshToken(
+      getEnv("REFRESH_KEY" /* REFRESH_KEY */),
+      refresh
+    );
     if (userId) return { userId, isRefreshID: true };
     return { userId: null };
   }
   const token = bearer.slice(7);
   try {
-    const res = (0, import_jsonwebtoken2.verify)(token, keys.signing);
+    const res = (0, import_jsonwebtoken2.verify)(token, getEnv("SIGNING_KEY" /* SIGNING_KEY */));
     if (typeof res === "string") {
       return { userId: null };
     }
@@ -184,7 +237,7 @@ var getContext = (keys, req) => {
 // src/auth/email/routes/delete.ts
 var getDeleteRoute = (options) => async (req) => {
   if (options.onLogout) {
-    const ctx = await getContext(options.keys, req);
+    const ctx = await getContext(req);
     const body = await req.json();
     await options.onLogout?.(ctx.userId, body);
   }
@@ -194,14 +247,17 @@ var getDeleteRoute = (options) => async (req) => {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(options.keys.refresh, refresh);
+  const userID = getUserIdFromRefreshToken(
+    getEnv("REFRESH_KEY" /* REFRESH_KEY */),
+    refresh
+  );
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();
       await options.onRefresh?.(userID, body);
     }
     return getTokenizedResponse(
-      generateAccessToken(userID, options.keys.signing)
+      generateAccessToken(userID, getEnv("SIGNING_KEY" /* SIGNING_KEY */))
     );
   }
   return getTokenizedResponse();
@@ -216,8 +272,11 @@ var getPostRoute = (options) => async (req) => {
   if (existingUser) {
     if (await verifyUser(existingUser, data.password)) {
       return getTokenizedResponse(
-        generateAccessToken(existingUser.id, options.keys.signing),
-        generateRefreshToken(existingUser.id, options.keys.refresh)
+        generateAccessToken(existingUser.id, getEnv("SIGNING_KEY" /* SIGNING_KEY */)),
+        generateRefreshToken(
+          existingUser.id,
+          getEnv("REFRESH_KEY" /* REFRESH_KEY */)
+        )
       );
     }
     return handleError(400, "A user already exists", options.onError);
@@ -232,8 +291,8 @@ var getPostRoute = (options) => async (req) => {
       await options.onSignUp?.(newUser.id, data);
     }
     return getTokenizedResponse(
-      generateAccessToken(newUser.id, options.keys.signing),
-      generateRefreshToken(newUser.id, options.keys.refresh)
+      generateAccessToken(newUser.id, getEnv("SIGNING_KEY" /* SIGNING_KEY */)),
+      generateRefreshToken(newUser.id, getEnv("REFRESH_KEY" /* REFRESH_KEY */))
     );
   }
   return getTokenizedResponse();
@@ -251,8 +310,8 @@ var getPutRoute = (options) => async (req) => {
       await options.onLogin?.(user.id, data);
     }
     return getTokenizedResponse(
-      generateAccessToken(user.id, options.keys.signing),
-      generateRefreshToken(user.id, options.keys.refresh)
+      generateAccessToken(user.id, getEnv("SIGNING_KEY" /* SIGNING_KEY */)),
+      generateRefreshToken(user.id, getEnv("REFRESH_KEY" /* REFRESH_KEY */))
     );
   }
   return handleError(403, "Invalid password", options.onError);
@@ -265,7 +324,7 @@ function getEmailAuthRoutes(options) {
     POST: getPostRoute(options),
     PUT: getPutRoute(options),
     DELETE: getDeleteRoute(options),
-    getContext: (req) => getContext(options.keys, req)
+    getContext
   };
 }
 
@@ -276,13 +335,14 @@ var import_uuid = require("uuid");
 var getGoogleGetRoute = ({
   getUserIdFromEmail,
   redirectURL,
-  errorRedirectURL,
-  clientId,
-  clientSecret,
-  keys
+  errorRedirectURL
 }) => {
-  const url = process.env.NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT;
-  const oauth2Client = new import_googleapis.google.auth.OAuth2(clientId, clientSecret, url);
+  const url = getEnv("NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT" /* NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT */);
+  const oauth2Client = new import_googleapis.google.auth.OAuth2(
+    getEnv("GOOGLE_CLIENT_ID" /* GOOGLE_CLIENT_ID */),
+    getEnv("GOOGLE_CLIENT_SECRET" /* GOOGLE_CLIENT_SECRET */),
+    url
+  );
   return async (req) => {
     const code = req.nextUrl.searchParams.get("code");
     const error = req.nextUrl.searchParams.get("error");
@@ -326,7 +386,7 @@ var getGoogleGetRoute = ({
         if (id) {
           res.cookies.set(
             REFRESH_COOKIE_NAME,
-            generateRefreshToken(id, keys.refresh),
+            generateRefreshToken(id, getEnv("REFRESH_KEY" /* REFRESH_KEY */)),
             {
               httpOnly: true,
               secure: true
@@ -379,7 +439,7 @@ async function getLongLivedToken(code, redirectURL, clientId, clientSecret) {
     if (shortResData.access_token) {
       const shortLivedToken = shortResData.access_token;
       const longRes = await fetch(
-        `https://graph.instagram.com/access_token?grant_type=ig_exchange_token&access_token=${shortLivedToken}&client_secret=${process.env.INSTAGRAM_CLIENT_SECRET}`
+        `https://graph.instagram.com/access_token?grant_type=ig_exchange_token&access_token=${shortLivedToken}&client_secret=${getEnv("INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */)}`
       );
       if (longRes.ok) {
         const longResData = await longRes.json();
@@ -421,9 +481,7 @@ var import_server4 = require("next/server");
 var getInstagramRoute = ({
   successRedirectURL,
   errorRedirectURL,
-  onUser,
-  clientSecret,
-  clientId
+  onUser
 }) => {
   const handleError2 = (message) => import_server5.NextResponse.redirect(`${errorRedirectURL}?error=${message}`);
   return async (req) => {
@@ -434,9 +492,9 @@ var getInstagramRoute = ({
     if (!stateToken || !accessCode) return handleError2("Invalid request");
     const instagramData = await getLongLivedToken(
       accessCode,
-      process.env.NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT,
-      clientId,
-      clientSecret
+      getEnv("NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT" /* NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT */),
+      getEnv("INSTAGRAM_CLIENT_ID" /* INSTAGRAM_CLIENT_ID */),
+      getEnv("INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */)
     );
     if (!instagramData?.accessToken)
       return handleError2("Unable to reach Instagram");

package/dist/auth/index.esm.js

@@ -8,6 +8,55 @@ import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
 import { NextResponse } from "next/server";
 
+// src/env.ts
+var getEnvValue = (key) => {
+  switch (key) {
+    case "NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GRAPHQL_ENDPOINT;
+    case "NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT" /* NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT" /* NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_FILE_ENDPOINT" /* NEXT_PUBLIC_FILE_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_FILE_ENDPOINT;
+    case "NEXT_PUBLIC_BASE_URL" /* NEXT_PUBLIC_BASE_URL */:
+      return process.env.NEXT_PUBLIC_BASE_URL;
+    case "REFRESH_KEY" /* REFRESH_KEY */:
+      return process.env.REFRESH_KEY;
+    case "SIGNING_KEY" /* SIGNING_KEY */:
+      return process.env.SIGNING_KEY;
+    case "INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */:
+      return process.env.INSTAGRAM_CLIENT_SECRET;
+    case "INSTAGRAM_CLIENT_ID" /* INSTAGRAM_CLIENT_ID */:
+      return process.env.INSTAGRAM_CLIENT_ID;
+    case "GOOGLE_CLIENT_SECRET" /* GOOGLE_CLIENT_SECRET */:
+      return process.env.GOOGLE_CLIENT_SECRET;
+    case "GOOGLE_CLIENT_ID" /* GOOGLE_CLIENT_ID */:
+      return process.env.GOOGLE_CLIENT_ID;
+    case "TURNSTILE_KEY" /* TURNSTILE_KEY */:
+      return process.env.TURNSTILE_KEY;
+    case "AWS_ACCESS_KEY_ID" /* AWS_ACCESS_KEY_ID */:
+      return process.env.AWS_ACCESS_KEY_ID;
+    case "AWS_ACCESS_KEY_SECRET" /* AWS_ACCESS_KEY_SECRET */:
+      return process.env.AWS_ACCESS_KEY_SECRET;
+    case "AWS_REGION" /* AWS_REGION */:
+      return process.env.AWS_REGION;
+    case "AWS_BUCKET" /* AWS_BUCKET */:
+      return process.env.AWS_BUCKET;
+    case "NODE_ENV" /* NODE_ENV */:
+      return process.env.NODE_ENV;
+    default:
+      return process.env[key];
+  }
+};
+function getEnv(key, skipCheck) {
+  const value = getEnvValue(key);
+  if (!skipCheck && !value) throw new Error(`${key} is not defined`);
+  return value;
+}
+
 // src/auth/constants.ts
 var REFRESH_COOKIE_NAME = "refresh";
 
@@ -54,9 +103,9 @@ function getUserIdFromRefreshToken(refreshKey, refreshToken) {
   return null;
 }
 function getUserIdFromAccessToken(refreshToken) {
-  if (refreshToken && process.env.SIGNING_KEY)
+  if (refreshToken)
     try {
-      const decoded = verify(refreshToken, process.env.SIGNING_KEY);
+      const decoded = verify(refreshToken, getEnv("SIGNING_KEY" /* SIGNING_KEY */));
       if (typeof decoded !== "string" && typeof decoded.id === "number")
         return decoded.id;
     } catch (e) {
@@ -92,12 +141,13 @@ async function massageRequest(req, options) {
     return {
       error: handleError(400, "Missing password", options.onError)
     };
-  if (options.turnstileKey) {
+  const turnstileKey = getEnv("TURNSTILE_KEY" /* TURNSTILE_KEY */, true);
+  if (turnstileKey) {
     if (!data.captchaToken)
       return {
         error: handleError(400, "Missing captchaToken", options.onError)
       };
-    if (!await verifyCaptcha(data.captchaToken, options.turnstileKey))
+    if (!await verifyCaptcha(data.captchaToken, turnstileKey))
       return {
         error: handleError(400, "Invalid captcha", options.onError)
       };
@@ -130,17 +180,20 @@ async function verifyCaptcha(token, secret) {
   }
   return false;
 }
-var getContext = (keys, req) => {
+var getContext = (req) => {
   const bearer = req.headers.get("authorization");
   if (!bearer) {
     const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-    const userId = getUserIdFromRefreshToken(keys.refresh, refresh);
+    const userId = getUserIdFromRefreshToken(
+      getEnv("REFRESH_KEY" /* REFRESH_KEY */),
+      refresh
+    );
     if (userId) return { userId, isRefreshID: true };
     return { userId: null };
   }
   const token = bearer.slice(7);
   try {
-    const res = verify2(token, keys.signing);
+    const res = verify2(token, getEnv("SIGNING_KEY" /* SIGNING_KEY */));
     if (typeof res === "string") {
       return { userId: null };
     }
@@ -155,7 +208,7 @@ var getContext = (keys, req) => {
 // src/auth/email/routes/delete.ts
 var getDeleteRoute = (options) => async (req) => {
   if (options.onLogout) {
-    const ctx = await getContext(options.keys, req);
+    const ctx = await getContext(req);
     const body = await req.json();
     await options.onLogout?.(ctx.userId, body);
   }
@@ -165,14 +218,17 @@ var getDeleteRoute = (options) => async (req) => {
 // src/auth/email/routes/get.ts
 var getGetRoute = (options) => async (req) => {
   const refresh = req.cookies.get(REFRESH_COOKIE_NAME)?.value;
-  const userID = getUserIdFromRefreshToken(options.keys.refresh, refresh);
+  const userID = getUserIdFromRefreshToken(
+    getEnv("REFRESH_KEY" /* REFRESH_KEY */),
+    refresh
+  );
   if (userID) {
     if (options.onRefresh) {
       const body = await req.json();
       await options.onRefresh?.(userID, body);
     }
     return getTokenizedResponse(
-      generateAccessToken(userID, options.keys.signing)
+      generateAccessToken(userID, getEnv("SIGNING_KEY" /* SIGNING_KEY */))
     );
   }
   return getTokenizedResponse();
@@ -187,8 +243,11 @@ var getPostRoute = (options) => async (req) => {
   if (existingUser) {
     if (await verifyUser(existingUser, data.password)) {
       return getTokenizedResponse(
-        generateAccessToken(existingUser.id, options.keys.signing),
-        generateRefreshToken(existingUser.id, options.keys.refresh)
+        generateAccessToken(existingUser.id, getEnv("SIGNING_KEY" /* SIGNING_KEY */)),
+        generateRefreshToken(
+          existingUser.id,
+          getEnv("REFRESH_KEY" /* REFRESH_KEY */)
+        )
       );
     }
     return handleError(400, "A user already exists", options.onError);
@@ -203,8 +262,8 @@ var getPostRoute = (options) => async (req) => {
       await options.onSignUp?.(newUser.id, data);
     }
     return getTokenizedResponse(
-      generateAccessToken(newUser.id, options.keys.signing),
-      generateRefreshToken(newUser.id, options.keys.refresh)
+      generateAccessToken(newUser.id, getEnv("SIGNING_KEY" /* SIGNING_KEY */)),
+      generateRefreshToken(newUser.id, getEnv("REFRESH_KEY" /* REFRESH_KEY */))
     );
   }
   return getTokenizedResponse();
@@ -222,8 +281,8 @@ var getPutRoute = (options) => async (req) => {
       await options.onLogin?.(user.id, data);
     }
     return getTokenizedResponse(
-      generateAccessToken(user.id, options.keys.signing),
-      generateRefreshToken(user.id, options.keys.refresh)
+      generateAccessToken(user.id, getEnv("SIGNING_KEY" /* SIGNING_KEY */)),
+      generateRefreshToken(user.id, getEnv("REFRESH_KEY" /* REFRESH_KEY */))
     );
   }
   return handleError(403, "Invalid password", options.onError);
@@ -236,7 +295,7 @@ function getEmailAuthRoutes(options) {
     POST: getPostRoute(options),
     PUT: getPutRoute(options),
     DELETE: getDeleteRoute(options),
-    getContext: (req) => getContext(options.keys, req)
+    getContext
   };
 }
 
@@ -247,13 +306,14 @@ import { v4 } from "uuid";
 var getGoogleGetRoute = ({
   getUserIdFromEmail,
   redirectURL,
-  errorRedirectURL,
-  clientId,
-  clientSecret,
-  keys
+  errorRedirectURL
 }) => {
-  const url = process.env.NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT;
-  const oauth2Client = new google.auth.OAuth2(clientId, clientSecret, url);
+  const url = getEnv("NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT" /* NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT */);
+  const oauth2Client = new google.auth.OAuth2(
+    getEnv("GOOGLE_CLIENT_ID" /* GOOGLE_CLIENT_ID */),
+    getEnv("GOOGLE_CLIENT_SECRET" /* GOOGLE_CLIENT_SECRET */),
+    url
+  );
   return async (req) => {
     const code = req.nextUrl.searchParams.get("code");
     const error = req.nextUrl.searchParams.get("error");
@@ -297,7 +357,7 @@ var getGoogleGetRoute = ({
         if (id) {
           res.cookies.set(
             REFRESH_COOKIE_NAME,
-            generateRefreshToken(id, keys.refresh),
+            generateRefreshToken(id, getEnv("REFRESH_KEY" /* REFRESH_KEY */)),
             {
               httpOnly: true,
               secure: true
@@ -350,7 +410,7 @@ async function getLongLivedToken(code, redirectURL, clientId, clientSecret) {
     if (shortResData.access_token) {
       const shortLivedToken = shortResData.access_token;
       const longRes = await fetch(
-        `https://graph.instagram.com/access_token?grant_type=ig_exchange_token&access_token=${shortLivedToken}&client_secret=${process.env.INSTAGRAM_CLIENT_SECRET}`
+        `https://graph.instagram.com/access_token?grant_type=ig_exchange_token&access_token=${shortLivedToken}&client_secret=${getEnv("INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */)}`
       );
       if (longRes.ok) {
         const longResData = await longRes.json();
@@ -392,9 +452,7 @@ import { NextResponse as NextResponse4 } from "next/server";
 var getInstagramRoute = ({
   successRedirectURL,
   errorRedirectURL,
-  onUser,
-  clientSecret,
-  clientId
+  onUser
 }) => {
   const handleError2 = (message) => NextResponse5.redirect(`${errorRedirectURL}?error=${message}`);
   return async (req) => {
@@ -405,9 +463,9 @@ var getInstagramRoute = ({
     if (!stateToken || !accessCode) return handleError2("Invalid request");
     const instagramData = await getLongLivedToken(
       accessCode,
-      process.env.NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT,
-      clientId,
-      clientSecret
+      getEnv("NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT" /* NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT */),
+      getEnv("INSTAGRAM_CLIENT_ID" /* INSTAGRAM_CLIENT_ID */),
+      getEnv("INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */)
     );
     if (!instagramData?.accessToken)
       return handleError2("Unable to reach Instagram");

package/dist/auth/instagram/client.cjs.js

@@ -23,7 +23,60 @@ __export(client_exports, {
   getInstagramAuthorizationURLSetup: () => getInstagramAuthorizationURLSetup
 });
 module.exports = __toCommonJS(client_exports);
-var getInstagramAuthorizationURLSetup = (clientId, redirectURL) => (token) => `https://www.instagram.com/oauth/authorize?client_id=${clientId}&response_type=code&enable_fb_login=0&force_authentication=1&scope=instagram_business_basic&state=${token}&redirect_uri=${redirectURL}`;
+
+// src/env.ts
+var getEnvValue = (key) => {
+  switch (key) {
+    case "NEXT_PUBLIC_GRAPHQL_ENDPOINT" /* NEXT_PUBLIC_GRAPHQL_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GRAPHQL_ENDPOINT;
+    case "NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT" /* NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_EMAIL_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT" /* NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_GOOGLE_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT" /* NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_INSTAGRAM_AUTH_ENDPOINT;
+    case "NEXT_PUBLIC_FILE_ENDPOINT" /* NEXT_PUBLIC_FILE_ENDPOINT */:
+      return process.env.NEXT_PUBLIC_FILE_ENDPOINT;
+    case "NEXT_PUBLIC_BASE_URL" /* NEXT_PUBLIC_BASE_URL */:
+      return process.env.NEXT_PUBLIC_BASE_URL;
+    case "REFRESH_KEY" /* REFRESH_KEY */:
+      return process.env.REFRESH_KEY;
+    case "SIGNING_KEY" /* SIGNING_KEY */:
+      return process.env.SIGNING_KEY;
+    case "INSTAGRAM_CLIENT_SECRET" /* INSTAGRAM_CLIENT_SECRET */:
+      return process.env.INSTAGRAM_CLIENT_SECRET;
+    case "INSTAGRAM_CLIENT_ID" /* INSTAGRAM_CLIENT_ID */:
+      return process.env.INSTAGRAM_CLIENT_ID;
+    case "GOOGLE_CLIENT_SECRET" /* GOOGLE_CLIENT_SECRET */:
+      return process.env.GOOGLE_CLIENT_SECRET;
+    case "GOOGLE_CLIENT_ID" /* GOOGLE_CLIENT_ID */:
+      return process.env.GOOGLE_CLIENT_ID;
+    case "TURNSTILE_KEY" /* TURNSTILE_KEY */:
+      return process.env.TURNSTILE_KEY;
+    case "AWS_ACCESS_KEY_ID" /* AWS_ACCESS_KEY_ID */:
+      return process.env.AWS_ACCESS_KEY_ID;
+    case "AWS_ACCESS_KEY_SECRET" /* AWS_ACCESS_KEY_SECRET */:
+      return process.env.AWS_ACCESS_KEY_SECRET;
+    case "AWS_REGION" /* AWS_REGION */:
+      return process.env.AWS_REGION;
+    case "AWS_BUCKET" /* AWS_BUCKET */:
+      return process.env.AWS_BUCKET;
+    case "NODE_ENV" /* NODE_ENV */:
+      return process.env.NODE_ENV;
+    default:
+      return process.env[key];
+  }
+};
+function getEnv(key, skipCheck) {
+  const value = getEnvValue(key);
+  if (!skipCheck && !value) throw new Error(`${key} is not defined`);
+  return value;
+}
+
+// src/auth/instagram/client.ts
+var getInstagramAuthorizationURLSetup = (redirectURL) => (token) => `https://www.instagram.com/oauth/authorize?client_id=${getEnv(
+  "INSTAGRAM_CLIENT_ID" /* INSTAGRAM_CLIENT_ID */
+)}&response_type=code&enable_fb_login=0&force_authentication=1&scope=instagram_business_basic&state=${token}&redirect_uri=${redirectURL}`;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   getInstagramAuthorizationURLSetup

package/dist/auth/instagram/client.d.mts

@@ -1,3 +1,3 @@
-declare const getInstagramAuthorizationURLSetup: (clientId: string, redirectURL: string) => (token: string) => string;
+declare const getInstagramAuthorizationURLSetup: (redirectURL: string) => (token: string) => string;
 
 export { getInstagramAuthorizationURLSetup };

package/dist/auth/instagram/client.d.ts

@@ -1,3 +1,3 @@
-declare const getInstagramAuthorizationURLSetup: (clientId: string, redirectURL: string) => (token: string) => string;
+declare const getInstagramAuthorizationURLSetup: (redirectURL: string) => (token: string) => string;
 
 export { getInstagramAuthorizationURLSetup };