oauth.do 0.1.14 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +231 -6
  3. package/bin/duckdb-auth +71 -0
  4. package/dist/cli.js +125 -276
  5. package/dist/cli.js.map +1 -1
  6. package/dist/hono.d.ts +137 -0
  7. package/dist/hono.js +198 -0
  8. package/dist/hono.js.map +1 -0
  9. package/dist/index.d.ts +6 -90
  10. package/dist/index.js +77 -24
  11. package/dist/index.js.map +1 -1
  12. package/dist/node.d.ts +2 -1
  13. package/dist/node.js +151 -101
  14. package/dist/node.js.map +1 -1
  15. package/dist/react.d.ts +200 -0
  16. package/dist/react.js +67 -0
  17. package/dist/react.js.map +1 -0
  18. package/dist/types-export.d.ts +90 -0
  19. package/dist/types-export.js +3 -0
  20. package/dist/types-export.js.map +1 -0
  21. package/package.json +79 -9
package/dist/cli.js CHANGED
@@ -11,10 +11,6 @@ var __esm = (fn, res) => function __init() {
11
11
  var __commonJS = (cb, mod) => function __require() {
12
12
  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
13
13
  };
14
- var __export = (target, all) => {
15
- for (var name in all)
16
- __defProp(target, name, { get: all[name], enumerable: true });
17
- };
18
14
  var __copyProps = (to, from, except, desc) => {
19
15
  if (from && typeof from === "object" || typeof from === "function") {
20
16
  for (let key of __getOwnPropNames(from))
@@ -32,24 +28,21 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
32
28
  mod
33
29
  ));
34
30
 
35
- // src/storage.ts
36
- var storage_exports = {};
37
- __export(storage_exports, {
38
- CompositeTokenStorage: () => CompositeTokenStorage,
39
- FileTokenStorage: () => FileTokenStorage,
40
- KeychainTokenStorage: () => KeychainTokenStorage,
41
- LocalStorageTokenStorage: () => LocalStorageTokenStorage,
42
- MemoryTokenStorage: () => MemoryTokenStorage,
43
- SecureFileTokenStorage: () => SecureFileTokenStorage,
44
- createSecureStorage: () => createSecureStorage
31
+ // src/utils.ts
32
+ function getEnv(key) {
33
+ if (globalThis[key]) return globalThis[key];
34
+ if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
35
+ return void 0;
36
+ }
37
+ var init_utils = __esm({
38
+ "src/utils.ts"() {
39
+ }
45
40
  });
41
+
42
+ // src/storage.ts
46
43
  function isNode() {
47
44
  return typeof process !== "undefined" && process.versions != null && process.versions.node != null;
48
45
  }
49
- function getEnv2(key) {
50
- if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
51
- return void 0;
52
- }
53
46
  function createSecureStorage(storagePath) {
54
47
  if (isNode()) {
55
48
  return new SecureFileTokenStorage(storagePath);
@@ -59,100 +52,10 @@ function createSecureStorage(storagePath) {
59
52
  }
60
53
  return new MemoryTokenStorage();
61
54
  }
62
- var KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, KeychainTokenStorage, SecureFileTokenStorage, FileTokenStorage, MemoryTokenStorage, LocalStorageTokenStorage, CompositeTokenStorage;
55
+ var SecureFileTokenStorage, MemoryTokenStorage, LocalStorageTokenStorage;
63
56
  var init_storage = __esm({
64
57
  "src/storage.ts"() {
65
- KEYCHAIN_SERVICE = "oauth.do";
66
- KEYCHAIN_ACCOUNT = "access_token";
67
- KeychainTokenStorage = class {
68
- keytar = null;
69
- initialized = false;
70
- /**
71
- * Lazily load keytar module
72
- * Returns null if keytar is not available (e.g., missing native dependencies)
73
- */
74
- async getKeytar() {
75
- if (this.initialized) {
76
- return this.keytar;
77
- }
78
- this.initialized = true;
79
- try {
80
- const imported = await import('keytar');
81
- const keytarModule = imported.default || imported;
82
- this.keytar = keytarModule;
83
- if (typeof this.keytar.getPassword !== "function") {
84
- if (getEnv2("DEBUG")) {
85
- console.warn("Keytar module loaded but getPassword is not a function:", Object.keys(this.keytar));
86
- }
87
- this.keytar = null;
88
- return null;
89
- }
90
- return this.keytar;
91
- } catch (error) {
92
- if (getEnv2("DEBUG")) {
93
- console.warn("Keychain storage not available:", error);
94
- }
95
- return null;
96
- }
97
- }
98
- async getToken() {
99
- const keytar = await this.getKeytar();
100
- if (!keytar) {
101
- return null;
102
- }
103
- try {
104
- const token = await keytar.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
105
- return token;
106
- } catch (error) {
107
- if (getEnv2("DEBUG")) {
108
- console.warn("Failed to get token from keychain:", error);
109
- }
110
- return null;
111
- }
112
- }
113
- async setToken(token) {
114
- try {
115
- const keytar = await this.getKeytar();
116
- if (!keytar) {
117
- throw new Error("Keychain storage not available");
118
- }
119
- await keytar.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, token);
120
- } catch (error) {
121
- if (error?.code === "MODULE_NOT_FOUND" || error?.message?.includes("Cannot find module")) {
122
- throw new Error("Keychain storage not available: native module not built");
123
- }
124
- throw new Error(`Failed to save token to keychain: ${error}`);
125
- }
126
- }
127
- async removeToken() {
128
- const keytar = await this.getKeytar();
129
- if (!keytar) {
130
- return;
131
- }
132
- try {
133
- await keytar.deletePassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
134
- } catch {
135
- }
136
- }
137
- /**
138
- * Check if keychain storage is available on this system
139
- */
140
- async isAvailable() {
141
- try {
142
- const keytar = await this.getKeytar();
143
- if (!keytar) {
144
- return false;
145
- }
146
- await keytar.getPassword(KEYCHAIN_SERVICE, "__test__");
147
- return true;
148
- } catch (error) {
149
- if (getEnv2("DEBUG")) {
150
- console.warn("Keychain not available:", error);
151
- }
152
- return false;
153
- }
154
- }
155
- };
58
+ init_utils();
156
59
  SecureFileTokenStorage = class {
157
60
  tokenPath = null;
158
61
  configDir = null;
@@ -191,7 +94,7 @@ var init_storage = __esm({
191
94
  const fs = await import('fs/promises');
192
95
  const stats = await fs.stat(this.tokenPath);
193
96
  const mode = stats.mode & 511;
194
- if (mode !== 384 && getEnv2("DEBUG")) {
97
+ if (mode !== 384 && getEnv("DEBUG")) {
195
98
  console.warn(
196
99
  `Warning: Token file has insecure permissions (${mode.toString(8)}). Expected 600. Run: chmod 600 ${this.tokenPath}`
197
100
  );
@@ -254,56 +157,6 @@ var init_storage = __esm({
254
157
  return { type: "file", secure: true, path: this.tokenPath };
255
158
  }
256
159
  };
257
- FileTokenStorage = class {
258
- tokenPath = null;
259
- configDir = null;
260
- initialized = false;
261
- async init() {
262
- if (this.initialized) return this.tokenPath !== null;
263
- this.initialized = true;
264
- if (!isNode()) return false;
265
- try {
266
- const os = await import('os');
267
- const path = await import('path');
268
- this.configDir = path.join(os.homedir(), ".oauth.do");
269
- this.tokenPath = path.join(this.configDir, "token");
270
- return true;
271
- } catch {
272
- return false;
273
- }
274
- }
275
- async getToken() {
276
- if (!await this.init() || !this.tokenPath) return null;
277
- try {
278
- const fs = await import('fs/promises');
279
- const token = await fs.readFile(this.tokenPath, "utf-8");
280
- return token.trim();
281
- } catch {
282
- return null;
283
- }
284
- }
285
- async setToken(token) {
286
- if (!await this.init() || !this.tokenPath || !this.configDir) {
287
- throw new Error("File storage not available");
288
- }
289
- try {
290
- const fs = await import('fs/promises');
291
- await fs.mkdir(this.configDir, { recursive: true });
292
- await fs.writeFile(this.tokenPath, token, "utf-8");
293
- } catch (error) {
294
- console.error("Failed to save token:", error);
295
- throw error;
296
- }
297
- }
298
- async removeToken() {
299
- if (!await this.init() || !this.tokenPath) return;
300
- try {
301
- const fs = await import('fs/promises');
302
- await fs.unlink(this.tokenPath);
303
- } catch {
304
- }
305
- }
306
- };
307
160
  MemoryTokenStorage = class {
308
161
  token = null;
309
162
  async getToken() {
@@ -337,66 +190,6 @@ var init_storage = __esm({
337
190
  localStorage.removeItem(this.key);
338
191
  }
339
192
  };
340
- CompositeTokenStorage = class {
341
- keychainStorage;
342
- fileStorage;
343
- preferredStorage = null;
344
- constructor() {
345
- this.keychainStorage = new KeychainTokenStorage();
346
- this.fileStorage = new SecureFileTokenStorage();
347
- }
348
- /**
349
- * Determine the best available storage backend
350
- */
351
- async getPreferredStorage() {
352
- if (this.preferredStorage) {
353
- return this.preferredStorage;
354
- }
355
- if (await this.keychainStorage.isAvailable()) {
356
- this.preferredStorage = this.keychainStorage;
357
- return this.preferredStorage;
358
- }
359
- this.preferredStorage = this.fileStorage;
360
- return this.preferredStorage;
361
- }
362
- async getToken() {
363
- const keychainToken = await this.keychainStorage.getToken();
364
- if (keychainToken) {
365
- return keychainToken;
366
- }
367
- const fileToken = await this.fileStorage.getToken();
368
- if (fileToken) {
369
- if (await this.keychainStorage.isAvailable()) {
370
- try {
371
- await this.keychainStorage.setToken(fileToken);
372
- await this.fileStorage.removeToken();
373
- if (getEnv2("DEBUG")) {
374
- console.log("Migrated token from file to keychain");
375
- }
376
- } catch {
377
- }
378
- }
379
- return fileToken;
380
- }
381
- return null;
382
- }
383
- async setToken(token) {
384
- const storage2 = await this.getPreferredStorage();
385
- await storage2.setToken(token);
386
- }
387
- async removeToken() {
388
- await Promise.all([this.keychainStorage.removeToken(), this.fileStorage.removeToken()]);
389
- }
390
- /**
391
- * Get information about the current storage backend
392
- */
393
- async getStorageInfo() {
394
- if (await this.keychainStorage.isAvailable()) {
395
- return { type: "keychain", secure: true };
396
- }
397
- return { type: "file", secure: true };
398
- }
399
- };
400
193
  }
401
194
  });
402
195
 
@@ -405,13 +198,14 @@ var require_package = __commonJS({
405
198
  "package.json"(exports$1, module) {
406
199
  module.exports = {
407
200
  name: "oauth.do",
408
- version: "0.1.14",
409
- description: "OAuth authentication SDK and CLI for .do Platform",
201
+ version: "0.2.0",
202
+ description: "OAuth authentication SDK, React components, and Hono middleware for org.ai identity",
410
203
  type: "module",
411
204
  main: "./dist/index.js",
412
205
  types: "./dist/index.d.ts",
413
206
  bin: {
414
- "oauth.do": "./dist/cli.js"
207
+ "oauth.do": "./dist/cli.js",
208
+ "duckdb-auth": "./bin/duckdb-auth"
415
209
  },
416
210
  exports: {
417
211
  ".": {
@@ -426,10 +220,27 @@ var require_package = __commonJS({
426
220
  require: "./dist/node.js",
427
221
  default: "./dist/node.js"
428
222
  },
223
+ "./react": {
224
+ types: "./dist/react.d.ts",
225
+ import: "./dist/react.js",
226
+ require: "./dist/react.js",
227
+ default: "./dist/react.js"
228
+ },
229
+ "./hono": {
230
+ types: "./dist/hono.d.ts",
231
+ import: "./dist/hono.js",
232
+ require: "./dist/hono.js",
233
+ default: "./dist/hono.js"
234
+ },
235
+ "./types": {
236
+ types: "./dist/types-export.d.ts",
237
+ import: "./dist/types-export.js"
238
+ },
429
239
  "./mdx/*": "./src/mdx/*"
430
240
  },
431
241
  files: [
432
242
  "dist",
243
+ "bin",
433
244
  "src/mdx",
434
245
  "README.md",
435
246
  "LICENSE"
@@ -447,16 +258,19 @@ var require_package = __commonJS({
447
258
  "authentication",
448
259
  "auth",
449
260
  "login",
450
- "api-key",
261
+ "identity",
451
262
  "cli",
452
263
  "sdk",
453
- "platform",
454
- "workos"
264
+ "org-ai",
265
+ "workos",
266
+ "authkit",
267
+ "react",
268
+ "hono"
455
269
  ],
456
270
  author: {
457
- name: "Platform.do",
458
- email: "npm@platform.do",
459
- url: "https://platform.do"
271
+ name: "org.ai",
272
+ email: "npm@org.ai",
273
+ url: "https://org.ai"
460
274
  },
461
275
  license: "MIT",
462
276
  repository: {
@@ -476,8 +290,57 @@ var require_package = __commonJS({
476
290
  optionalDependencies: {
477
291
  keytar: "^7.9.0"
478
292
  },
293
+ peerDependencies: {
294
+ "@radix-ui/themes": ">=3.0.0",
295
+ "@tanstack/react-query": ">=5.0.0",
296
+ "@workos-inc/authkit-react": ">=0.5.0",
297
+ "@workos-inc/widgets": ">=1.0.0",
298
+ hono: ">=4.0.0",
299
+ jose: ">=5.0.0",
300
+ react: ">=18.0.0",
301
+ "react-dom": ">=18.0.0"
302
+ },
303
+ peerDependenciesMeta: {
304
+ "@radix-ui/themes": {
305
+ optional: true
306
+ },
307
+ "@tanstack/react-query": {
308
+ optional: true
309
+ },
310
+ "@workos-inc/authkit-react": {
311
+ optional: true
312
+ },
313
+ "@workos-inc/widgets": {
314
+ optional: true
315
+ },
316
+ hono: {
317
+ optional: true
318
+ },
319
+ jose: {
320
+ optional: true
321
+ },
322
+ react: {
323
+ optional: true
324
+ },
325
+ "react-dom": {
326
+ optional: true
327
+ }
328
+ },
479
329
  devDependencies: {
330
+ "@radix-ui/themes": "^3.0.0",
331
+ "@tanstack/react-query": "^5.0.0",
332
+ "@testing-library/jest-dom": "^6.9.1",
333
+ "@testing-library/react": "^16.3.2",
480
334
  "@types/node": "^24.10.1",
335
+ "@types/react": "^18.2.0",
336
+ "@types/react-dom": "^18.2.0",
337
+ "@workos-inc/authkit-react": "^0.16.0",
338
+ "@workos-inc/widgets": "^1.0.0",
339
+ hono: "^4.0.0",
340
+ jose: "^5.0.0",
341
+ jsdom: "^27.4.0",
342
+ react: "^18.2.0",
343
+ "react-dom": "^18.2.0",
481
344
  tsup: "^8.0.0",
482
345
  typescript: "^5.5.2",
483
346
  vitest: "^2.1.8"
@@ -487,11 +350,7 @@ var require_package = __commonJS({
487
350
  });
488
351
 
489
352
  // src/config.ts
490
- function getEnv(key) {
491
- if (globalThis[key]) return globalThis[key];
492
- if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
493
- return void 0;
494
- }
353
+ init_utils();
495
354
  var globalConfig = {
496
355
  apiUrl: getEnv("OAUTH_API_URL") || getEnv("API_URL") || "https://apis.do",
497
356
  clientId: getEnv("OAUTH_CLIENT_ID") || "client_01JQYTRXK9ZPD8JPJTKDCRB656",
@@ -596,22 +455,37 @@ async function pollForTokens(deviceCode, interval = 5, expiresIn = 600) {
596
455
  }
597
456
 
598
457
  // src/auth.ts
599
- async function resolveSecret(value) {
600
- if (!value) return null;
601
- if (typeof value === "string") return value;
602
- if (typeof value === "object" && typeof value.get === "function") {
603
- return await value.get();
458
+ init_utils();
459
+ async function getUser(token) {
460
+ const config = getConfig();
461
+ const authToken = token || getEnv("DO_TOKEN") || "";
462
+ if (!authToken) {
463
+ return { user: null };
464
+ }
465
+ try {
466
+ const response = await config.fetch(`${config.apiUrl}/me`, {
467
+ method: "GET",
468
+ headers: {
469
+ "Authorization": `Bearer ${authToken}`,
470
+ "Content-Type": "application/json"
471
+ }
472
+ });
473
+ if (!response.ok) {
474
+ if (response.status === 401) {
475
+ return { user: null };
476
+ }
477
+ throw new Error(`Authentication failed: ${response.statusText}`);
478
+ }
479
+ const user = await response.json();
480
+ return { user, token: authToken };
481
+ } catch (error) {
482
+ console.error("Auth error:", error);
483
+ return { user: null };
604
484
  }
605
- return null;
606
- }
607
- function getEnv3(key) {
608
- if (globalThis[key]) return globalThis[key];
609
- if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
610
- return void 0;
611
485
  }
612
486
  async function logout(token) {
613
487
  const config = getConfig();
614
- const authToken = token || getEnv3("DO_TOKEN") || "";
488
+ const authToken = token || getEnv("DO_TOKEN") || "";
615
489
  if (!authToken) {
616
490
  return;
617
491
  }
@@ -630,31 +504,6 @@ async function logout(token) {
630
504
  console.error("Logout error:", error);
631
505
  }
632
506
  }
633
- async function getToken() {
634
- const adminToken = getEnv3("DO_ADMIN_TOKEN");
635
- if (adminToken) return adminToken;
636
- const doToken = getEnv3("DO_TOKEN");
637
- if (doToken) return doToken;
638
- try {
639
- const { env } = await import('cloudflare:workers');
640
- const cfAdminToken = await resolveSecret(env.DO_ADMIN_TOKEN);
641
- if (cfAdminToken) return cfAdminToken;
642
- const cfToken = await resolveSecret(env.DO_TOKEN);
643
- if (cfToken) return cfToken;
644
- } catch {
645
- }
646
- try {
647
- const { createSecureStorage: createSecureStorage2 } = await Promise.resolve().then(() => (init_storage(), storage_exports));
648
- const config = getConfig();
649
- const storage2 = createSecureStorage2(config.storagePath);
650
- return await storage2.getToken();
651
- } catch {
652
- return null;
653
- }
654
- }
655
- function auth() {
656
- return getToken;
657
- }
658
507
 
659
508
  // src/cli.ts
660
509
  init_storage();
@@ -777,7 +626,7 @@ ${colors.dim}Waiting for authorization...${colors.reset}
777
626
  authResponse.expires_in
778
627
  );
779
628
  await storage.setToken(tokenResponse.access_token);
780
- const authResult = await auth(tokenResponse.access_token);
629
+ const authResult = await getUser(tokenResponse.access_token);
781
630
  printSuccess("Login successful!");
782
631
  if (authResult.user) {
783
632
  console.log(`
@@ -824,7 +673,7 @@ async function whoamiCommand() {
824
673
  Run ${colors.cyan}oauth.do login${colors.reset} to authenticate`);
825
674
  return;
826
675
  }
827
- const authResult = await auth(token);
676
+ const authResult = await getUser(token);
828
677
  if (!authResult.user) {
829
678
  console.log(`${colors.dim}Not authenticated${colors.reset}`);
830
679
  console.log(`
@@ -879,7 +728,7 @@ ${colors.cyan}Auth:${colors.reset} ${colors.dim}Not authenticated${colors.reset}
879
728
  Run ${colors.cyan}oauth.do login${colors.reset} to authenticate`);
880
729
  return;
881
730
  }
882
- const authResult = await auth(token);
731
+ const authResult = await getUser(token);
883
732
  if (authResult.user) {
884
733
  console.log(`
885
734
  ${colors.cyan}Auth:${colors.reset} ${colors.green}Authenticated${colors.reset}`);
@@ -901,7 +750,7 @@ async function autoLoginOrShowUser() {
901
750
  try {
902
751
  const token = await storage.getToken();
903
752
  if (token) {
904
- const authResult = await auth(token);
753
+ const authResult = await getUser(token);
905
754
  if (authResult.user) {
906
755
  console.log(`${colors.green}\u2713${colors.reset} Already authenticated
907
756
  `);