nuxt-auther 1.0.2 → 1.0.3

package/dist/runtime/core/storage.mjs

@@ -0,0 +1,277 @@
+import { defineStore } from "pinia";
+import { isUnset, isSet, decodeValue, encodeValue, setH3Cookie } from "../../utils";
+import { parse, serialize } from "cookie-es";
+import { watch } from "vue";
+import { useState } from "#imports";
+export class Storage {
+  ctx;
+  options;
+  #PiniaStore;
+  #initPiniaStore;
+  #initStore;
+  state;
+  #internal;
+  memory;
+  #piniaEnabled = false;
+  constructor(ctx, options) {
+    this.ctx = ctx;
+    this.options = options;
+    this.state = options.initialState;
+    this.#initState();
+  }
+  // ------------------------------------
+  // Universal
+  // ------------------------------------
+  setUniversal(key, value, include = { cookie: true, session: true, local: true }) {
+    if (isUnset(value)) {
+      return this.removeUniversal(key);
+    }
+    const storeMethods = {
+      cookie: (k, v, o) => this.setCookie(k, v, o),
+      session: (k, v) => this.setSessionStorage(k, v),
+      local: (k, v) => this.setLocalStorage(k, v)
+    };
+    Object.entries(include).filter(([_, shouldInclude]) => shouldInclude).forEach(([method, opts]) => {
+      if (method === "cookie" && typeof opts === "object") {
+        return storeMethods[method]?.(key, value, opts);
+      }
+      return storeMethods[method]?.(key, value);
+    });
+    this.setState(key, value);
+    return value;
+  }
+  getUniversal(key) {
+    const sourceOrder = [
+      () => this.getCookie(key),
+      () => this.getLocalStorage(key),
+      () => this.getSessionStorage(key),
+      () => this.getState(key)
+    ];
+    if (process.server) {
+      sourceOrder.unshift(() => this.getState(key));
+    }
+    for (let getter of sourceOrder) {
+      const value = getter();
+      if (!isUnset(value)) {
+        return value;
+      }
+    }
+  }
+  syncUniversal(key, defaultValue, include = { cookie: true, session: true, local: true }) {
+    let value = this.getUniversal(key);
+    if (isUnset(value) && isSet(defaultValue)) {
+      value = defaultValue;
+    }
+    if (isSet(value)) {
+      this.getCookie(key) ? this.setUniversal(key, value, { ...include, cookie: false }) : this.setUniversal(key, value, include);
+    }
+    return value;
+  }
+  removeUniversal(key) {
+    this.removeState(key);
+    this.removeCookie(key);
+    this.removeLocalStorage(key);
+    this.removeSessionStorage(key);
+  }
+  // ------------------------------------
+  // Local state (reactive)
+  // ------------------------------------
+  async #initState() {
+    const pinia = this.ctx.$pinia;
+    this.#piniaEnabled = this.options.stores.pinia?.enabled && !!pinia;
+    if (this.#piniaEnabled) {
+      this.#PiniaStore = defineStore(this.options.stores.pinia?.namespace, {
+        state: () => ({ ...this.options.initialState })
+      });
+      this.#initPiniaStore = this.#PiniaStore(pinia);
+      this.state = this.#initPiniaStore;
+    } else {
+      this.#initStore = useState(this.options.stores.state?.namespace, () => ({
+        ...this.options.initialState
+      }));
+      this.state = this.#initStore.value;
+    }
+    this.#internal = useState("auth-internal", () => ({}));
+    this.memory = this.#internal.value;
+  }
+  get pinia() {
+    return this.#initPiniaStore;
+  }
+  get store() {
+    return this.#initStore;
+  }
+  setState(key, value) {
+    if (key.startsWith("_")) {
+      this.memory[key] = value;
+    } else if (this.#piniaEnabled) {
+      this.#initPiniaStore.$patch({ [key]: value });
+    } else {
+      this.state[key] = value;
+    }
+    return this.state[key];
+  }
+  getState(key) {
+    if (!key.startsWith("_")) {
+      return this.state[key];
+    } else {
+      return this.memory[key];
+    }
+  }
+  watchState(watchKey, fn) {
+    if (this.#piniaEnabled) {
+      watch(() => this.#initPiniaStore?.[watchKey], (modified) => {
+        fn(modified);
+      }, { deep: true });
+    } else {
+      watch(() => this.#initStore?.value?.[watchKey], (modified) => {
+        fn(modified);
+      }, { deep: true });
+    }
+  }
+  removeState(key) {
+    this.setState(key, void 0);
+  }
+  // ------------------------------------
+  // Local storage
+  // ------------------------------------
+  setLocalStorage(key, value) {
+    if (isUnset(value)) {
+      return this.removeLocalStorage(key);
+    }
+    if (!this.isLocalStorageEnabled()) return;
+    try {
+      const prefixedKey = `${this.options.stores.local?.prefix}${key}`;
+      localStorage.setItem(prefixedKey, encodeValue(value));
+    } catch (e) {
+      if (!this.options.ignoreExceptions) throw e;
+    }
+    return value;
+  }
+  getLocalStorage(key) {
+    if (!this.isLocalStorageEnabled()) {
+      return;
+    }
+    const prefixedKey = `${this.options.stores.local?.prefix}${key}`;
+    return decodeValue(localStorage.getItem(prefixedKey));
+  }
+  removeLocalStorage(key) {
+    if (!this.isLocalStorageEnabled()) {
+      return;
+    }
+    const prefixedKey = `${this.options.stores.local?.prefix}${key}`;
+    localStorage.removeItem(prefixedKey);
+  }
+  isLocalStorageEnabled() {
+    const isNotServer = !process.server;
+    const isConfigEnabled = this.options.stores.local?.enabled;
+    const localTest = "test";
+    if (isNotServer && isConfigEnabled) {
+      try {
+        localStorage.setItem(localTest, localTest);
+        localStorage.removeItem(localTest);
+        return true;
+      } catch (e) {
+        if (!this.options.ignoreExceptions) {
+          console.warn("[AUTH] Local storage is enabled in config, but the browser does not support it.");
+        }
+      }
+    }
+    return false;
+  }
+  // ------------------------------------
+  // Session storage
+  // ------------------------------------
+  setSessionStorage(key, value) {
+    if (isUnset(value)) {
+      return this.removeSessionStorage(key);
+    }
+    if (!this.isSessionStorageEnabled()) return;
+    try {
+      const prefixedKey = `${this.options.stores.session.prefix}${key}`;
+      sessionStorage.setItem(prefixedKey, encodeValue(value));
+    } catch (e) {
+      if (!this.options.ignoreExceptions) throw e;
+    }
+    return value;
+  }
+  getSessionStorage(key) {
+    if (!this.isSessionStorageEnabled()) {
+      return;
+    }
+    const prefixedKey = this.options.stores.session.prefix + key;
+    const value = sessionStorage.getItem(prefixedKey);
+    return decodeValue(value);
+  }
+  removeSessionStorage(key) {
+    if (!this.isSessionStorageEnabled()) {
+      return;
+    }
+    const prefixedKey = this.options.stores.session.prefix + key;
+    sessionStorage.removeItem(prefixedKey);
+  }
+  isSessionStorageEnabled() {
+    const isNotServer = !process.server;
+    const isConfigEnabled = this.options.stores.session?.enabled;
+    const testKey = "test";
+    if (isNotServer && isConfigEnabled) {
+      try {
+        sessionStorage.setItem(testKey, testKey);
+        sessionStorage.removeItem(testKey);
+        return true;
+      } catch (e) {
+        if (!this.options.ignoreExceptions) {
+          console.warn("[AUTH] Session storage is enabled in config, but the browser does not support it.");
+        }
+      }
+    }
+    return false;
+  }
+  // ------------------------------------
+  // Cookie Storage
+  // ------------------------------------
+  setCookie(key, value, options = {}) {
+    if (!this.isCookiesEnabled()) {
+      return;
+    }
+    const prefix = this.options.stores.cookie?.prefix;
+    const prefixedKey = `${prefix}${key}`;
+    const $value = encodeValue(value);
+    const $options = { ...this.options.stores.cookie?.options, ...options };
+    if (isUnset(value)) {
+      $options.maxAge = -1;
+    }
+    const cookieString = serialize(prefixedKey, $value, $options);
+    if (process.client) {
+      document.cookie = cookieString;
+    } else if (process.server && this.ctx.ssrContext?.event.node.res) {
+      setH3Cookie(this.ctx.ssrContext.event, cookieString);
+    }
+  }
+  getCookies() {
+    if (!this.isCookiesEnabled()) {
+      return;
+    }
+    const cookieStr = process.client ? document.cookie : this.ctx.ssrContext.event.node.req.headers.cookie;
+    return parse(cookieStr || "") || {};
+  }
+  getCookie(key) {
+    if (!this.isCookiesEnabled()) {
+      return;
+    }
+    const prefixedKey = this.options.stores.cookie?.prefix + key;
+    const cookies = this.getCookies();
+    return decodeValue(cookies[prefixedKey] ? decodeURIComponent(cookies[prefixedKey]) : void 0);
+  }
+  removeCookie(key, options) {
+    this.setCookie(key, void 0, options);
+  }
+  isCookiesEnabled() {
+    const isNotClient = process.server;
+    const isConfigEnabled = this.options.stores.cookie?.enabled;
+    if (isConfigEnabled) {
+      if (isNotClient || window.navigator.cookieEnabled) return true;
+      console.warn("[AUTH] Cookies are enabled in config, but the browser does not support it.");
+    }
+    return false;
+  }
+}

package/dist/runtime/inc/configuration-document-request-error.d.ts

@@ -0,0 +1,3 @@
+export declare class ConfigurationDocumentRequestError extends Error {
+    constructor();
+}

package/dist/runtime/inc/configuration-document-request-error.mjs

@@ -0,0 +1,6 @@
+export class ConfigurationDocumentRequestError extends Error {
+  constructor() {
+    super("Error loading OpenIDConnect configuration document");
+    this.name = "ConfigurationDocumentRequestError";
+  }
+}

package/dist/runtime/inc/configuration-document.d.ts

@@ -0,0 +1,26 @@
+import { OpenIDConnectScheme } from '../schemes';
+import { type OpenIDConnectConfigurationDocument } from '../../types';
+import { Storage } from '../core/storage';
+/**
+ * A metadata document that contains most of the OpenID Provider's information,
+ * such as the URLs to use and the location of the service's public signing keys.
+ * You can find this document by appending the discovery document path
+ * (/.well-known/openid-configuration) to the authority URL(https://example.com)
+ * Eg. https://example.com/.well-known/openid-configuration
+ *
+ * More info: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
+ */
+export declare class ConfigurationDocument {
+    #private;
+    scheme: OpenIDConnectScheme;
+    $storage: Storage;
+    key: string;
+    constructor(scheme: OpenIDConnectScheme, storage: Storage);
+    get(): OpenIDConnectConfigurationDocument;
+    set(value: OpenIDConnectConfigurationDocument | boolean): boolean | OpenIDConnectConfigurationDocument;
+    request(): Promise<void>;
+    validate(): void;
+    init(): Promise<void>;
+    setSchemeEndpoints(): void;
+    reset(): void;
+}

package/dist/runtime/inc/configuration-document.mjs

@@ -0,0 +1,94 @@
+import { ConfigurationDocumentRequestError } from "./configuration-document-request-error.mjs";
+import { defu } from "defu";
+const ConfigurationDocumentWarning = (message) => console.warn(`[AUTH] [OPENID CONNECT] Invalid configuration. ${message}`);
+export class ConfigurationDocument {
+  scheme;
+  $storage;
+  key;
+  constructor(scheme, storage) {
+    this.scheme = scheme;
+    this.$storage = storage;
+    this.key = "_configuration_document." + this.scheme.name;
+  }
+  #set(value) {
+    return this.$storage.setState(this.key, value);
+  }
+  get() {
+    return this.$storage.getState(this.key);
+  }
+  set(value) {
+    this.#set(value);
+    return value;
+  }
+  async request() {
+    const serverDoc = this.scheme.$auth.ctx.payload.data.$auth?.openIDConnect?.configurationDocument;
+    if (process.client && serverDoc) {
+      this.set(serverDoc);
+    }
+    if (!this.get()) {
+      const configurationDocument = await this.scheme.requestHandler.http.$get(this.scheme.options.endpoints.configuration).catch((e) => Promise.reject(e));
+      if (process.server) {
+        this.scheme.$auth.ctx.payload.data = {
+          ...this.scheme.$auth.ctx.payload.data,
+          $auth: {
+            /* use `openIDConnect` instead of `oidc` because it could not be picked up by `serverDoc` */
+            openIDConnect: {
+              configurationDocument
+            }
+          }
+        };
+      }
+      this.set(configurationDocument);
+    }
+  }
+  validate() {
+    const mapping = {
+      responseType: "response_types_supported",
+      scope: "scopes_supported",
+      grantType: "grant_types_supported",
+      acrValues: "acr_values_supported"
+    };
+    Object.keys(mapping).forEach((optionsKey) => {
+      const configDocument = this.get();
+      const configDocumentKey = mapping[optionsKey];
+      const configDocumentValues = configDocument[configDocumentKey];
+      const optionsValues = this.scheme.options[optionsKey];
+      if (typeof configDocumentValues !== "undefined") {
+        if (Array.isArray(optionsValues) && Array.isArray(configDocumentValues)) {
+          optionsValues.forEach((optionsValue) => {
+            if (!configDocumentValues.includes(optionsValue)) {
+              ConfigurationDocumentWarning(
+                `A value of scheme options ${optionsKey} is not supported by ${configDocumentKey} of by Authorization Server.`
+              );
+            }
+          });
+        }
+        if (!Array.isArray(optionsValues) && Array.isArray(configDocumentValues) && !configDocumentValues.includes(optionsValues)) {
+          ConfigurationDocumentWarning(`Value of scheme option ${optionsKey} is not supported by ${configDocumentKey} of by Authorization Server.`);
+        }
+        if (!Array.isArray(optionsValues) && !Array.isArray(configDocumentValues) && configDocumentValues !== optionsValues) {
+          ConfigurationDocumentWarning(`Value of scheme option ${optionsKey} is not supported by ${configDocumentKey} of by Authorization Server.`);
+        }
+      }
+    });
+  }
+  async init() {
+    await this.request().catch(() => {
+      throw new ConfigurationDocumentRequestError();
+    });
+    this.validate();
+    this.setSchemeEndpoints();
+  }
+  setSchemeEndpoints() {
+    const configurationDocument = this.get();
+    this.scheme.options.endpoints = defu(this.scheme.options.endpoints, {
+      authorization: configurationDocument.authorization_endpoint,
+      token: configurationDocument.token_endpoint,
+      userInfo: configurationDocument.userinfo_endpoint,
+      logout: configurationDocument.end_session_endpoint
+    });
+  }
+  reset() {
+    this.#set(false);
+  }
+}

package/dist/runtime/inc/default-properties.d.ts

@@ -0,0 +1,123 @@
+export declare const OAUTH2DEFAULTS: {
+    accessType: undefined;
+    redirectUri: undefined;
+    logoutRedirectUri: undefined;
+    clientId: undefined;
+    clientSecretTransport: string;
+    audience: undefined;
+    grantType: undefined;
+    responseMode: undefined;
+    acrValues: undefined;
+    autoLogout: boolean;
+    endpoints: {
+        logout: undefined;
+        authorization: undefined;
+        token: undefined;
+        userInfo: undefined;
+    };
+    scope: never[];
+    token: {
+        property: string;
+        expiresProperty: string;
+        type: string;
+        name: string;
+        maxAge: boolean;
+        global: boolean;
+        prefix: string;
+        expirationPrefix: string;
+    };
+    idToken: {
+        property: string;
+        maxAge: number;
+        prefix: string;
+        expirationPrefix: string;
+        httpOnly: boolean;
+    };
+    refreshToken: {
+        property: string;
+        maxAge: number;
+        prefix: string;
+        expirationPrefix: string;
+        httpOnly: boolean;
+    };
+    user: {
+        property: boolean;
+    };
+    responseType: string;
+    codeChallengeMethod: boolean;
+    clientWindow: boolean;
+    clientWindowWidth: number;
+    clientWindowHeight: number;
+};
+export declare const LOCALDEFAULTS: {
+    cookie: {
+        name: undefined;
+    };
+    endpoints: {
+        csrf: {
+            url: string;
+        };
+        login: {
+            url: string;
+            method: string;
+        };
+        logout: {
+            url: string;
+            method: string;
+        };
+        user: {
+            url: string;
+            method: string;
+        };
+        refresh: {
+            url: string;
+            method: string;
+        };
+    };
+    token: {
+        expiresProperty: string;
+        property: string;
+        type: string;
+        name: string;
+        maxAge: boolean;
+        global: boolean;
+        required: boolean;
+        prefix: string;
+        expirationPrefix: string;
+        httpOnly: boolean;
+    };
+    refreshToken: {
+        property: string;
+        data: string;
+        maxAge: number;
+        required: boolean;
+        tokenRequired: boolean;
+        prefix: string;
+        expirationPrefix: string;
+        httpOnly: boolean;
+    };
+    autoLogout: boolean;
+    user: {
+        property: string;
+        autoFetch: boolean;
+    };
+    clientId: undefined;
+    grantType: undefined;
+    scope: undefined;
+};
+export declare const ProviderAliases: {
+    'laravel/jwt': string;
+    'laravel/passport': string;
+    'laravel/sanctum': string;
+};
+export declare const BuiltinSchemes: {
+    local: string;
+    cookie: string;
+    refresh: string;
+    laravelJWT: string;
+    oauth2: string;
+    openIDConnect: string;
+    auth0: string;
+};
+export declare const LocalSchemes: string[];
+export declare const OAuth2Schemes: string[];

package/dist/runtime/inc/default-properties.mjs

@@ -0,0 +1,132 @@
+export const OAUTH2DEFAULTS = {
+  accessType: void 0,
+  redirectUri: void 0,
+  logoutRedirectUri: void 0,
+  clientId: void 0,
+  clientSecretTransport: "body",
+  audience: void 0,
+  grantType: void 0,
+  responseMode: void 0,
+  acrValues: void 0,
+  autoLogout: false,
+  endpoints: {
+    logout: void 0,
+    authorization: void 0,
+    token: void 0,
+    userInfo: void 0
+  },
+  scope: [],
+  token: {
+    property: "access_token",
+    expiresProperty: "expires_in",
+    type: "Bearer",
+    name: "Authorization",
+    maxAge: false,
+    global: true,
+    prefix: "_token.",
+    expirationPrefix: "_token_expiration."
+  },
+  idToken: {
+    property: "id_token",
+    maxAge: 1800,
+    prefix: "_id_token.",
+    expirationPrefix: "_id_token_expiration.",
+    httpOnly: false
+  },
+  refreshToken: {
+    property: "refresh_token",
+    maxAge: 60 * 60 * 24 * 30,
+    prefix: "_refresh_token.",
+    expirationPrefix: "_refresh_token_expiration.",
+    httpOnly: false
+  },
+  user: {
+    property: false
+  },
+  responseType: "token",
+  codeChallengeMethod: false,
+  clientWindow: false,
+  clientWindowWidth: 400,
+  clientWindowHeight: 600
+};
+export const LOCALDEFAULTS = {
+  cookie: {
+    name: void 0
+  },
+  endpoints: {
+    csrf: {
+      url: "/api/csrf-cookie"
+    },
+    login: {
+      url: "/api/auth/login",
+      method: "post"
+    },
+    logout: {
+      url: "/api/auth/logout",
+      method: "post"
+    },
+    user: {
+      url: "/api/auth/user",
+      method: "get"
+    },
+    refresh: {
+      url: "/api/auth/refresh",
+      method: "post"
+    }
+  },
+  token: {
+    expiresProperty: "expires_in",
+    property: "token",
+    type: "Bearer",
+    name: "Authorization",
+    maxAge: false,
+    global: true,
+    required: true,
+    prefix: "_token.",
+    expirationPrefix: "_token_expiration.",
+    httpOnly: false
+  },
+  refreshToken: {
+    property: "refresh_token",
+    data: "refresh_token",
+    maxAge: 60 * 60 * 24 * 30,
+    required: true,
+    tokenRequired: false,
+    prefix: "_refresh_token.",
+    expirationPrefix: "_refresh_token_expiration.",
+    httpOnly: false
+  },
+  autoLogout: false,
+  user: {
+    property: "user",
+    autoFetch: true
+  },
+  clientId: void 0,
+  grantType: void 0,
+  scope: void 0
+};
+export const ProviderAliases = {
+  "laravel/jwt": "laravelJWT",
+  "laravel/passport": "laravelPassport",
+  "laravel/sanctum": "laravelSanctum"
+};
+export const BuiltinSchemes = {
+  local: "LocalScheme",
+  cookie: "CookieScheme",
+  refresh: "RefreshScheme",
+  laravelJWT: "LaravelJWTScheme",
+  oauth2: "Oauth2Scheme",
+  openIDConnect: "OpenIDConnectScheme",
+  auth0: "Auth0Scheme"
+};
+export const LocalSchemes = [
+  "local",
+  "cookie",
+  "refresh",
+  "laravelJWT"
+];
+export const OAuth2Schemes = [
+  "oauth",
+  "openIDConnect",
+  "auth0"
+];

package/dist/runtime/inc/expired-auth-session-error.d.ts

@@ -0,0 +1,3 @@
+export declare class ExpiredAuthSessionError extends Error {
+    constructor();
+}

package/dist/runtime/inc/expired-auth-session-error.mjs

@@ -0,0 +1,6 @@
+export class ExpiredAuthSessionError extends Error {
+  constructor() {
+    super("Both token and refresh token have expired. Your request was aborted.");
+    this.name = "ExpiredAuthSessionError";
+  }
+}

package/dist/runtime/inc/id-token.d.ts

@@ -0,0 +1,15 @@
+import type { IdTokenableScheme } from '../../types';
+import type { Storage } from '../core';
+import { TokenStatus } from './token-status';
+export declare class IdToken {
+    #private;
+    scheme: IdTokenableScheme;
+    $storage: Storage;
+    constructor(scheme: IdTokenableScheme, storage: Storage);
+    get(): string | boolean;
+    set(tokenValue: string | boolean): string | boolean;
+    sync(): string | boolean | void | null | undefined;
+    reset(): void;
+    status(): TokenStatus;
+    userInfo(): import("../../types").UserInfo | undefined;
+}