nuxt-auther 1.0.1 → 1.0.3

package/dist/utils/index.mjs

@@ -0,0 +1,123 @@
+export const isUnset = (o) => typeof o === "undefined" || o === null;
+export const isSet = (o) => !isUnset(o);
+export function parseQuery(queryString) {
+  const query = {};
+  const pairs = queryString.split("&");
+  for (let i = 0; i < pairs.length; i++) {
+    const pair = pairs[i].split("=");
+    query[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1] || "");
+  }
+  return query;
+}
+export function isRelativeURL(u) {
+  return u && u.length && new RegExp(["^\\/([a-zA-Z0-9@\\-%_~.:]", "[/a-zA-Z0-9@\\-%_~.:]*)?", "([?][^#]*)?(#[^#]*)?$"].join("")).test(u);
+}
+export function routeMeta(route, key, value) {
+  return route.meta[key] === value;
+}
+export function getMatchedComponents(route, matches = []) {
+  return [
+    ...route.matched.map(function(m, index) {
+      return Object.keys(m.components).map(function(key) {
+        matches.push(index);
+        return m.components[key];
+      });
+    })
+  ];
+}
+export function normalizePath(path = "", ctx) {
+  let result = path.split("?")[0];
+  if (ctx.$config.app.baseURL) {
+    result = result.replace(ctx.$config.app.baseURL, "/");
+  }
+  if (result.charAt(result.length - 1) === "/") {
+    result = result.slice(0, -1);
+  }
+  result = result.replace(/\/+/g, "/");
+  return result;
+}
+export function encodeValue(val) {
+  if (typeof val === "string") {
+    return val;
+  }
+  return JSON.stringify(val);
+}
+export function decodeValue(val) {
+  if (typeof val === "string") {
+    try {
+      return JSON.parse(val);
+    } catch (_) {
+    }
+  }
+  return val;
+}
+export function getProp(holder, propName) {
+  if (isJSON(holder)) {
+    holder = JSON.parse(holder);
+  }
+  if (!propName || !holder || typeof holder !== "object") {
+    return holder;
+  }
+  if (propName in holder) {
+    return holder[propName];
+  }
+  const propParts = Array.isArray(propName) ? propName : propName.split(".");
+  let result = holder;
+  for (let part of propParts) {
+    if (result[part] === void 0) {
+      return void 0;
+    }
+    result = result[part];
+  }
+  return result;
+}
+function isJSON(str) {
+  try {
+    JSON.parse(str);
+  } catch (e) {
+    return false;
+  }
+  return true;
+}
+export function addTokenPrefix(token, tokenType) {
+  if (!token || !tokenType || typeof token !== "string" || token.startsWith(tokenType)) {
+    return token;
+  }
+  return tokenType + " " + token;
+}
+export function removeTokenPrefix(token, tokenType) {
+  if (!token || !tokenType || typeof token !== "string") {
+    return token;
+  }
+  return token.replace(tokenType + " ", "");
+}
+export function cleanObj(obj) {
+  for (const key in obj) {
+    if (obj[key] === void 0) {
+      delete obj[key];
+    }
+  }
+  return obj;
+}
+export function randomString(length) {
+  const characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  let result = "";
+  const charactersLength = characters.length;
+  for (let i = 0; i < length; i++) {
+    result += characters.charAt(Math.floor(Math.random() * charactersLength));
+  }
+  return result;
+}
+export function setH3Cookie(event, serializedCookie) {
+  let cookies = event.node.res.getHeader("Set-Cookie") || [];
+  if (!Array.isArray(cookies)) cookies = [cookies];
+  cookies.unshift(serializedCookie);
+  if (!event.node.res.headersSent) {
+    event.node.res.setHeader("Set-Cookie", cookies.filter(
+      (value, index, items) => items.findIndex(
+        (val) => val.startsWith(value.slice(0, value.indexOf("=")))
+      ) === index
+    ));
+  }
+}
+export const hasOwn = (object, key) => Object.hasOwn ? Object.hasOwn(object, key) : Object.prototype.hasOwnProperty.call(object, key);

package/dist/utils/provider.d.ts

@@ -0,0 +1,13 @@
+import type { Oauth2SchemeOptions, RefreshSchemeOptions } from '../runtime';
+import type { StrategyOptions, TokenableSchemeOptions } from '../types';
+import type { Nuxt } from '@nuxt/schema';
+export declare function assignDefaults<SOptions extends StrategyOptions>(strategy: SOptions, defaults: SOptions): void;
+export declare function addAuthorize<SOptions extends StrategyOptions<Oauth2SchemeOptions>>(nuxt: Nuxt, strategy: SOptions, useForms?: boolean): void;
+export declare function addLocalAuthorize<SOptions extends StrategyOptions<RefreshSchemeOptions>>(nuxt: Nuxt, strategy: SOptions): void;
+export declare function initializePasswordGrantFlow<SOptions extends StrategyOptions<RefreshSchemeOptions>>(nuxt: Nuxt, strategy: SOptions): void;
+export declare function assignAbsoluteEndpoints<SOptions extends StrategyOptions<(TokenableSchemeOptions | RefreshSchemeOptions) & {
+    url: string;
+}>>(strategy: SOptions): void;
+export declare function authorizeGrant(opt: any): string;
+export declare function localAuthorizeGrant(opt: any): string;
+export declare function passwordGrant(opt: any): string;

package/dist/utils/provider.mjs

@@ -0,0 +1,360 @@
+import { addServerHandler, addTemplate } from "@nuxt/kit";
+import { serialize } from "@refactorjs/serialize";
+import { join } from "pathe";
+import { defu } from "defu";
+export function assignDefaults(strategy, defaults) {
+  Object.assign(strategy, defu(strategy, defaults));
+}
+export function addAuthorize(nuxt, strategy, useForms = false) {
+  const clientSecret = strategy.clientSecret;
+  const clientId = strategy.clientId;
+  const tokenEndpoint = strategy.endpoints.token;
+  const audience = strategy.audience;
+  delete strategy.clientSecret;
+  const endpoint = `/_auth/oauth/${strategy.name}/authorize`;
+  strategy.endpoints.token = endpoint;
+  strategy.responseType = "code";
+  addTemplate({
+    filename: `authorize-${strategy.name}.ts`,
+    write: true,
+    getContents: () => authorizeGrant({
+      strategy,
+      useForms,
+      clientSecret,
+      clientId,
+      tokenEndpoint,
+      audience
+    })
+  });
+  addServerHandler({
+    route: endpoint,
+    method: "post",
+    handler: join(nuxt.options.buildDir, `authorize-${strategy.name}.ts`)
+  });
+}
+export function addLocalAuthorize(nuxt, strategy) {
+  const tokenEndpoint = strategy.endpoints?.login?.url;
+  const refreshEndpoint = strategy.endpoints?.refresh?.url;
+  const endpoint = `/_auth/local/${strategy.name}/authorize`;
+  strategy.endpoints.login.url = endpoint;
+  strategy.endpoints.refresh.url = endpoint;
+  addTemplate({
+    filename: `local-${strategy.name}.ts`,
+    write: true,
+    getContents: () => localAuthorizeGrant({
+      strategy,
+      tokenEndpoint,
+      refreshEndpoint
+    })
+  });
+  addServerHandler({
+    route: endpoint,
+    method: "post",
+    handler: join(nuxt.options.buildDir, `local-${strategy.name}.ts`)
+  });
+}
+export function initializePasswordGrantFlow(nuxt, strategy) {
+  const clientSecret = strategy.clientSecret;
+  const clientId = strategy.clientId;
+  const tokenEndpoint = strategy.endpoints.token;
+  delete strategy.clientSecret;
+  const endpoint = `/_auth/${strategy.name}/token`;
+  strategy.endpoints.login.url = endpoint;
+  strategy.endpoints.refresh.url = endpoint;
+  addTemplate({
+    filename: `password-${strategy.name}.ts`,
+    write: true,
+    getContents: () => passwordGrant({
+      strategy,
+      clientSecret,
+      clientId,
+      tokenEndpoint
+    })
+  });
+  addServerHandler({
+    route: endpoint,
+    method: "post",
+    handler: join(nuxt.options.buildDir, `password-${strategy.name}.ts`)
+  });
+}
+export function assignAbsoluteEndpoints(strategy) {
+  const { url, endpoints } = strategy;
+  if (endpoints) {
+    for (const key of Object.keys(endpoints)) {
+      const endpoint = endpoints[key];
+      if (endpoint) {
+        if (typeof endpoint === "object") {
+          if (!endpoint.url || endpoint.url.startsWith(url)) {
+            continue;
+          }
+          endpoints[key].url = url + endpoint.url;
+        } else {
+          if (endpoint.startsWith(url)) {
+            continue;
+          }
+          endpoints[key] = url + endpoint;
+        }
+      }
+    }
+  }
+}
+export function authorizeGrant(opt) {
+  return `import { defineEventHandler, readBody, createError, getCookie } from 'h3'
+// @ts-expect-error: virtual file 
+import { config } from '#nuxt-auth-options'
+import { serialize } from 'cookie-es'
+
+const options = ${serialize(opt, { space: 4 })}
+
+function addTokenPrefix(token: string | boolean, tokenType: string | false): string | boolean {
+    if (!token || !tokenType || typeof token !== 'string' || token.startsWith(tokenType)) {
+        return token;
+    }
+
+    return tokenType + ' ' + token;
+}
+
+export default defineEventHandler(async (event) => {
+    const {
+        code,
+        code_verifier: codeVerifier,
+        redirect_uri: redirectUri = options.strategy.redirectUri,
+        response_type: responseType = options.strategy.responseType,
+        grant_type: grantType = options.strategy.grantType,
+        refresh_token: refreshToken
+    } = await readBody(event)
+
+    const refreshCookieName = config.stores.cookie.prefix + options.strategy?.refreshToken?.prefix + options.strategy.name
+    const tokenCookieName = config.stores.cookie.prefix + options.strategy?.token?.prefix + options.strategy.name
+    const idTokenCookieName = config.stores.cookie.prefix + options.strategy?.idToken?.prefix + options.strategy.name
+    const serverRefreshToken = getCookie(event, refreshCookieName)
+
+    // Grant type is authorization code, but code is not available
+    if (grantType === 'authorization_code' && !code) {
+        return createError({
+            statusCode: 500,
+            message: 'Missing authorization code'
+        })
+    }
+
+    // Grant type is refresh token, but refresh token is not available
+    if ((grantType === 'refresh_token' && !options.strategy.refreshToken.httpOnly && !refreshToken) || (grantType === 'refresh_token' && options.strategy.refreshToken.httpOnly && !serverRefreshToken)) {
+        return createError({
+            statusCode: 500,
+            message: 'Missing refresh token'
+        })
+    }
+
+    let body = {
+        client_id: options.clientId,
+        client_secret: options.clientSecret,
+        refresh_token: options.strategy.refreshToken.httpOnly ? serverRefreshToken : refreshToken,
+        grant_type: grantType,
+        response_type: responseType,
+        redirect_uri: redirectUri,
+        audience: options.audience,
+        code_verifier: codeVerifier,
+        code
+    }
+
+    if (grantType !== 'refresh_token') {
+        delete body.refresh_token
+    }
+
+    const headers = {
+        Accept: 'application/json',
+        'Content-Type': 'application/json'
+    }
+
+    if (options.strategy.clientSecretTransport === 'authorization_header') {
+        // @ts-ignore
+        headers['Authorization'] = 'Basic ' + Buffer.from(options.clientId + ':' + options.clientSecret).toString('base64')
+        // client_secret is transported in auth header
+        delete body.client_secret
+    }
+
+    const response = await $http.post(options.tokenEndpoint, {
+        body,
+        headers
+    })
+
+    let cookies = event.node.res.getHeader('Set-Cookie') as string[] || [];
+
+    const refreshCookieValue = response._data?.[options.strategy?.refreshToken?.property]
+    if (config.stores.cookie.enabled && refreshCookieValue && options.strategy.refreshToken.httpOnly) {
+        const refreshCookie = serialize(refreshCookieName, refreshCookieValue, { ...config.stores.cookie.options, httpOnly: true })
+        cookies.push(refreshCookie);
+    }
+
+    const tokenCookieValue = response._data?.[options.strategy?.token?.property]
+    if (config.stores.cookie.enabled && tokenCookieValue && options.strategy.token.httpOnly) {
+        const token = addTokenPrefix(tokenCookieValue, options.strategy.token.type) as string
+        const tokenCookie = serialize(tokenCookieName, token, { ...config.stores.cookie.options, httpOnly: true })
+        cookies.push(tokenCookie);
+    }
+
+    const idTokenCookieValue = response._data?.[options.strategy?.idToken?.property]
+    if (config.stores.cookie.enabled && idTokenCookieValue && options.strategy.idToken.httpOnly) {
+        const idTokenCookie = serialize(idTokenCookieName, token, { ...config.stores.cookie.options, httpOnly: true })
+        cookies.push(idTokenCookie);
+    }
+
+    if (cookies.length) {
+        event.node.res.setHeader('Set-Cookie', cookies);
+    }
+
+    event.node.res.end(JSON.stringify(response._data))
+})
+`;
+}
+export function localAuthorizeGrant(opt) {
+  return `import { defineEventHandler, readBody, createError, getCookie, getRequestHeader } from 'h3'
+// @ts-expect-error: virtual file
+import { config } from '#nuxt-auth-options'
+import { serialize } from 'cookie-es'
+
+const options = ${serialize(opt, { space: 4 })}
+
+function addTokenPrefix(token: string | boolean, tokenType: string | false): string | boolean {
+    if (!token || !tokenType || typeof token !== 'string' || token.startsWith(tokenType)) {
+        return token;
+    }
+
+    return tokenType + ' ' + token;
+}
+
+export default defineEventHandler(async (event) => {
+    const requestBody = await readBody(event)
+
+    const refreshCookieName = config.stores.cookie.prefix + options.strategy?.refreshToken?.prefix + options.strategy.name
+    const refreshTokenDataName = options.strategy.refreshToken.data
+    const tokenCookieName = config.stores.cookie.prefix + options.strategy?.token?.prefix + options.strategy.name
+    const serverRefreshToken = getCookie(event, refreshCookieName)
+    const authHeader = getRequestHeader(event, 'authorization')
+
+    // Grant type is refresh token, but refresh token is not available
+    if ((requestBody.grant_type === 'refresh_token' && !options.strategy.refreshToken.httpOnly && !requestBody[refreshTokenDataName]) || (requestBody.grant_type === 'refresh_token' && options.strategy.refreshToken.httpOnly && !serverRefreshToken)) {
+        return createError({
+            statusCode: 500,
+            message: 'Missing refresh token'
+        })
+    }
+
+    let body = {
+        ...requestBody,
+        [refreshTokenDataName]: options.strategy.refreshToken.httpOnly ? serverRefreshToken : requestBody[refreshTokenDataName],
+    }
+
+    if (requestBody.grant_type !== 'refresh_token') {
+        delete body[refreshTokenDataName]
+    }
+
+    let headers = {
+        'Content-Type': 'application/json'
+    }
+
+    let response
+
+    if (body[refreshTokenDataName]) {
+        if (options.strategy?.refreshToken?.tokenRequired && authHeader) {
+            headers = {
+                ...headers,
+                // @ts-ignore
+                Authorization: authHeader,
+            }
+        }
+
+        response = await $http.post(options.refreshEndpoint, {
+            body,
+            headers: {
+                ...headers,
+                // @ts-ignore: headers might not be set
+                ...options.strategy?.endpoints?.refresh?.headers
+            }
+        })
+    } else {
+        response = await $http.post(options.tokenEndpoint, {
+            body,
+            headers: {
+                ...headers,
+                // @ts-ignore: headers might not be set
+                ...options.strategy?.endpoints?.login?.headers
+            }
+        })
+    }
+
+    let cookies = event.node.res.getHeader('Set-Cookie') as string[] || [];
+
+    const refreshCookieValue = response._data?.[options.strategy?.refreshToken?.property]
+    if (config.stores.cookie.enabled && refreshCookieValue && options.strategy.refreshToken.httpOnly) {
+        const refreshCookie = serialize(refreshCookieName, refreshCookieValue, { ...config.stores.cookie.options, httpOnly: true })
+        cookies.push(refreshCookie);
+    }
+
+    const tokenCookieValue = response._data?.[options.strategy?.token?.property]
+    if (config.stores.cookie.enabled && tokenCookieValue && options.strategy.token.httpOnly) {
+        const token = addTokenPrefix(tokenCookieValue, options.strategy.token.type) as string
+        const tokenCookie = serialize(tokenCookieName, token, { ...config.stores.cookie.options, httpOnly: true })
+        cookies.push(tokenCookie);
+    }
+
+    if (cookies.length) {
+        event.node.res.setHeader('Set-Cookie', cookies);
+    }
+
+    event.node.res.end(JSON.stringify(response._data))
+})
+`;
+}
+export function passwordGrant(opt) {
+  return `import requrl from 'requrl';
+import { defineEventHandler, readBody, createError } from 'h3';
+
+const options = ${serialize(opt, { space: 4 })}
+
+export default defineEventHandler(async (event) => {
+    const body = await readBody(event)
+
+    // If \`grant_type\` is not defined, set default value
+    if (!body.grant_type) {
+        body.grant_type = options.strategy.grantType
+    }
+
+    // If \`client_id\` is not defined, set default value
+    if (!body.client_id) {
+        body.grant_type = options.clientId
+    }
+
+    // Grant type is password, but username or password is not available
+    if (body.grant_type === 'password' && (!body.username || !body.password)) {
+        return createError({
+            statusCode: 400,
+            message: 'Invalid username or password'
+        })
+    }
+
+    // Grant type is refresh token, but refresh token is not available
+    if (body.grant_type === 'refresh_token' && !body.refresh_token) {
+        event.respondWith({ status: 400, body: JSON.stringify({ message: 'Refresh token not provided' }) });
+        return createError({
+            statusCode: 400,
+            message: 'Refresh token not provided'
+        })
+    }
+
+    const response = await $http.post(options.tokenEndpoint, {
+        baseURL: requrl(event.node.req),
+        body: {
+            client_id: options.clientId,
+            client_secret: options.clientSecret,
+            ...body
+        },
+        headers: {
+            Accept: 'application/json'
+        }
+    })
+
+    event.node.res.end(JSON.stringify(response._data))
+})
+`;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "nuxt-auther",
-    "version": "1.0.1",
+    "version": "1.0.3",
     "description": "Authentication module for Nuxt.JS",
     "homepage": "https://github.com/zerosdev/nuxt-auther",
     "author": "zerosdev",
@@ -31,7 +31,9 @@
     ],
     "scripts": {
         "dev": "nuxi dev playground",
-        "dev:build": "nuxi build playground"
+        "dev:build": "nuxi build playground",
+        "dev:prepare": "set JITI_ESM_RESOLVE=1 && jiti ./commands/cli.ts build --stub && set JITI_ESM_RESOLVE=1 && jiti ./commands/cli.ts prepare",
+        "prepack": "set JITI_ESM_RESOLVE=1 && jiti ./commands/cli.ts build"
     },
     "dependencies": {
         "@nuxt-alt/http": "latest",
@@ -52,7 +54,7 @@
         "@types/node": "^20",
         "jiti": "^1.21.6",
         "nuxt": "^3.9.3",
-        "typescript": "5.3.3",
+        "typescript": "^5.3.3",
         "unbuild": "^2.0.0"
     },
     "repository": {