sst 3.0.0 → 3.0.1-10

package/node/future/auth/adapter/link.js

@@ -1,47 +0,0 @@
-import { createSigner, createVerifier } from "fast-jwt";
-import { Config } from "../../../config/index.js";
-import { useDomainName, usePathParam, useQueryParam, useQueryParams, } from "../../../api/index.js";
-export function LinkAdapter(config) {
-    return async function () {
-        // @ts-expect-error
-        const key = Config[process.env.AUTH_ID + "PrivateKey"];
-        // @ts-expect-error
-        const publicKey = Config[process.env.AUTH_ID + "PublicKey"];
-        const signer = createSigner({
-            expiresIn: 1000 * 60 * 10,
-            key,
-            algorithm: "RS512",
-        });
-        const callback = "https://" + useDomainName() + "/callback";
-        const step = usePathParam("step");
-        if (step === "authorize") {
-            const url = new URL(callback);
-            const claims = useQueryParams();
-            url.searchParams.append("token", signer(claims));
-            return {
-                type: "step",
-                properties: await config.onLink(url.toString(), claims),
-            };
-        }
-        if (step === "callback") {
-            const token = useQueryParam("token");
-            if (!token)
-                throw new Error("Missing token parameter");
-            try {
-                const verifier = createVerifier({
-                    algorithms: ["RS512"],
-                    key: publicKey,
-                });
-                const jwt = verifier(token);
-                return {
-                    type: "success",
-                    properties: jwt,
-                };
-            }
-            catch (ex) { }
-        }
-        return {
-            type: "error",
-        };
-    };
-}

package/node/future/auth/adapter/microsoft.d.ts

@@ -1,22 +0,0 @@
-import { OidcBasicConfig } from "./oidc.js";
-type MicrosoftConfig = OidcBasicConfig & {
-    mode: "oidc";
-    prompt?: "login" | "none" | "consent" | "select_account";
-    tenantID?: string;
-};
-export declare function MicrosoftAdapter(config: MicrosoftConfig): () => Promise<{
-    type: "success";
-    properties: {
-        tokenset: import("openid-client").TokenSet;
-        client: import("openid-client").BaseClient;
-    };
-} | {
-    type: "step";
-    properties: {
-        statusCode: number;
-        headers: {
-            location: string;
-        };
-    };
-}>;
-export {};

package/node/future/auth/adapter/microsoft.js

@@ -1,16 +0,0 @@
-import { Issuer } from "openid-client";
-import { OidcAdapter } from "./oidc.js";
-export function MicrosoftAdapter(config) {
-    const authority = config?.tenantID ?? "common";
-    const issuer = `https://login.microsoftonline.com/${authority}`;
-    return OidcAdapter({
-        issuer: new Issuer({
-            issuer: `${issuer}/v2.0`,
-            authorization_endpoint: `${issuer}/oauth2/v2.0/authorize`,
-            token_endpoint: `${issuer}/oauth2/v2.0/token`,
-            jwks_uri: `${issuer}/discovery/v2.0/keys`,
-        }),
-        scope: "openid email profile",
-        ...config,
-    });
-}

package/node/future/auth/adapter/oauth.d.ts

@@ -1,41 +0,0 @@
-import { BaseClient, Issuer, TokenSet } from "openid-client";
-export interface OauthBasicConfig {
-    /**
-     * The clientID provided by the third party oauth service
-     */
-    clientID: string;
-    /**
-     * The clientSecret provided by the third party oauth service
-     */
-    clientSecret: string;
-    /**
-     * Various scopes requested for the access token
-     */
-    scope: string;
-    /**
-     * Determines whether users will be prompted for reauthentication and consent
-     */
-    prompt?: string;
-    /**
-     * Additional parameters to be passed to the authorization endpoint
-     */
-    params?: Record<string, string>;
-}
-export interface OauthConfig extends OauthBasicConfig {
-    issuer: Issuer;
-}
-export declare const OauthAdapter: (config: OauthConfig) => () => Promise<{
-    type: "success";
-    properties: {
-        tokenset: TokenSet;
-        client: BaseClient;
-    };
-} | {
-    type: "step";
-    properties: {
-        statusCode: number;
-        headers: {
-            location: string;
-        };
-    };
-}>;

package/node/future/auth/adapter/oauth.js

@@ -1,67 +0,0 @@
-import { generators } from "openid-client";
-import { useCookie, useDomainName, usePathParam, useQueryParams, useResponse, } from "../../../api/index.js";
-export const OauthAdapter = 
-/* @__PURE__ */
-(config) => {
-    return async function () {
-        const step = usePathParam("step");
-        const callback = "https://" + useDomainName() + "/callback";
-        const client = new config.issuer.Client({
-            client_id: config.clientID,
-            client_secret: config.clientSecret,
-            redirect_uris: [callback],
-            response_types: ["code"],
-        });
-        if (step === "authorize") {
-            const code_verifier = generators.codeVerifier();
-            const state = generators.state();
-            const code_challenge = generators.codeChallenge(code_verifier);
-            const url = client.authorizationUrl({
-                scope: config.scope,
-                code_challenge: code_challenge,
-                code_challenge_method: "S256",
-                state,
-                prompt: config.prompt,
-                ...config.params,
-            });
-            useResponse().cookies({
-                auth_code_verifier: code_verifier,
-                auth_state: state,
-            }, {
-                httpOnly: true,
-                secure: true,
-                maxAge: 60 * 10,
-                sameSite: "None",
-            });
-            return {
-                type: "step",
-                properties: {
-                    statusCode: 302,
-                    headers: {
-                        location: url,
-                    },
-                },
-            };
-        }
-        if (step === "callback") {
-            const params = useQueryParams();
-            const code_verifier = useCookie("auth_code_verifier");
-            const state = useCookie("auth_state");
-            const tokenset = await client[config.issuer.metadata.userinfo_endpoint
-                ? "callback"
-                : "oauthCallback"](callback, params, {
-                code_verifier,
-                state,
-            });
-            const x = {
-                type: "success",
-                properties: {
-                    tokenset,
-                    client,
-                },
-            };
-            return x;
-        }
-        throw new Error("Invalid auth request");
-    };
-};

package/node/future/auth/adapter/oidc.d.ts

@@ -1,30 +0,0 @@
-import { Issuer } from "openid-client";
-export interface OidcBasicConfig {
-    /**
-     * The clientID provided by the third party oauth service
-     */
-    clientID: string;
-    /**
-     * Determines whether users will be prompted for reauthentication and consent
-     */
-    prompt?: string;
-}
-export interface OidcConfig extends OidcBasicConfig {
-    issuer: Issuer;
-    scope: string;
-}
-export declare const OidcAdapter: (config: OidcConfig) => () => Promise<{
-    type: "success";
-    properties: {
-        tokenset: import("openid-client").TokenSet;
-        client: import("openid-client").BaseClient;
-    };
-} | {
-    type: "step";
-    properties: {
-        statusCode: number;
-        headers: {
-            location: string;
-        };
-    };
-}>;

package/node/future/auth/adapter/oidc.js

@@ -1,63 +0,0 @@
-import { generators } from "openid-client";
-import { useCookie, useDomainName, useFormData, usePathParam, useResponse, } from "../../../api/index.js";
-export const OidcAdapter = /* @__PURE__ */ (config) => {
-    return async function () {
-        const step = usePathParam("step");
-        const callback = "https://" + useDomainName() + "/callback";
-        const client = new config.issuer.Client({
-            client_id: config.clientID,
-            redirect_uris: [callback],
-            response_types: ["id_token"],
-        });
-        if (step === "authorize") {
-            const nonce = generators.nonce();
-            const state = generators.state();
-            const url = client.authorizationUrl({
-                scope: config.scope,
-                response_mode: "form_post",
-                nonce,
-                state,
-                prompt: config.prompt,
-            });
-            useResponse().cookies({
-                auth_nonce: nonce,
-                auth_state: state,
-            }, {
-                httpOnly: true,
-                secure: true,
-                maxAge: 60 * 10,
-                sameSite: "None",
-            });
-            return {
-                type: "step",
-                properties: {
-                    statusCode: 302,
-                    headers: {
-                        location: url,
-                    },
-                },
-            };
-        }
-        if (step === "callback") {
-            const form = useFormData();
-            if (!form)
-                throw new Error("Missing body");
-            const params = Object.fromEntries(form.entries());
-            const nonce = useCookie("auth_nonce");
-            const state = useCookie("auth_state");
-            const tokenset = await client.callback(callback, params, {
-                nonce,
-                state,
-            });
-            const x = {
-                type: "success",
-                properties: {
-                    tokenset,
-                    client,
-                },
-            };
-            return x;
-        }
-        throw new Error("Invalid auth request");
-    };
-};

package/node/future/auth/adapter/spotify.d.ts

@@ -1,23 +0,0 @@
-import { OauthBasicConfig } from "./oauth.js";
-/**
- * The Spotify Adapter follows the PKCE flow outlined here:
- * https://developer.spotify.com/documentation/web-api/tutorials/code-pkce-flow
- *
- * List of scopes available:
- * https://developer.spotify.com/documentation/web-api/concepts/scopes
- */
-export declare const SpotifyAdapter: (config: OauthBasicConfig) => () => Promise<{
-    type: "success";
-    properties: {
-        tokenset: import("openid-client").TokenSet;
-        client: import("openid-client").BaseClient;
-    };
-} | {
-    type: "step";
-    properties: {
-        statusCode: number;
-        headers: {
-            location: string;
-        };
-    };
-}>;

package/node/future/auth/adapter/spotify.js

@@ -1,22 +0,0 @@
-import { Issuer } from "openid-client";
-import { OauthAdapter } from "./oauth.js";
-const issuer = new Issuer({
-    issuer: "https://accounts.spotify.com",
-    authorization_endpoint: "https://accounts.spotify.com/authorize",
-    token_endpoint: "https://accounts.spotify.com/api/token",
-});
-/**
- * The Spotify Adapter follows the PKCE flow outlined here:
- * https://developer.spotify.com/documentation/web-api/tutorials/code-pkce-flow
- *
- * List of scopes available:
- * https://developer.spotify.com/documentation/web-api/concepts/scopes
- */
-export const SpotifyAdapter = 
-/* @__PURE__ */
-(config) => {
-    return OauthAdapter({
-        issuer,
-        ...config,
-    });
-};

package/node/future/auth/encryption.d.ts

@@ -1,2 +0,0 @@
-export declare function encrypt(data: string): string;
-export declare function decrypt(data: string): string | undefined;

package/node/future/auth/encryption.js

@@ -1,30 +0,0 @@
-import { createCipheriv, createDecipheriv, createHash, randomBytes, } from "crypto";
-import { Config } from "../../config/index.js";
-export function encrypt(data) {
-    // @ts-expect-error
-    const key = Config[process.env.AUTH_ID + "PrivateKey"];
-    const hashed = createHash("sha256").update(key).digest();
-    const iv = randomBytes(16); // Generate a random IV (Initialization Vector)
-    const cipher = createCipheriv("aes-256-cbc", hashed, iv);
-    let encrypted = cipher.update(data, "utf8", "hex");
-    encrypted += cipher.final("hex");
-    return JSON.stringify({
-        i: iv.toString("hex"),
-        d: encrypted,
-    });
-}
-export function decrypt(data) {
-    // @ts-expect-error
-    const key = Config[process.env.AUTH_ID + "PrivateKey"];
-    const hashed = createHash("sha256").update(key).digest();
-    try {
-        const parsed = JSON.parse(data);
-        const decipher = createDecipheriv("aes-256-cbc", hashed, Buffer.from(parsed.i, "hex"));
-        let decrypted = decipher.update(parsed.d, "hex", "utf8");
-        decrypted += decipher.final("utf8");
-        return decrypted;
-    }
-    catch {
-        return;
-    }
-}

package/node/future/auth/handler.d.ts

@@ -1,46 +0,0 @@
-import { APIGatewayProxyEventV2, APIGatewayProxyStructuredResultV2 } from "aws-lambda";
-import { Adapter } from "./adapter/adapter.js";
-import { SignerOptions } from "fast-jwt";
-import { SessionBuilder, SessionValue } from "./session.js";
-interface OnSuccessResponder<T> {
-    session(input: T & Partial<SignerOptions>): {
-        type: "session";
-        properties: T;
-    };
-    http(input: APIGatewayProxyStructuredResultV2): {
-        type: "http";
-        properties: typeof input;
-    };
-}
-export declare class UnknownProviderError {
-    provider?: string | undefined;
-    constructor(provider?: string | undefined);
-}
-export declare function AuthHandler<Providers extends Record<string, Adapter<any>>, Sessions extends SessionBuilder, Result = {
-    [key in keyof Providers]: {
-        provider: key;
-    } & Extract<Awaited<ReturnType<Providers[key]>>, {
-        type: "success";
-    }>["properties"];
-}[keyof Providers]>(input: {
-    providers: Providers;
-    sessions?: Sessions;
-    /** @deprecated use allowClient callback instead */
-    clients?: () => Promise<Record<string, string>>;
-    allowClient?: (clientID: string, redirect: string) => Promise<boolean>;
-    onAuthorize?: (event: APIGatewayProxyEventV2) => Promise<void | keyof Providers>;
-    onSuccess: (input: Result, response: OnSuccessResponder<SessionValue | {
-        [key in keyof Sessions["$type"]]: {
-            type: key;
-            properties: Sessions["$type"][key];
-        };
-    }[keyof Sessions["$type"]]>) => Promise<ReturnType<OnSuccessResponder<SessionValue | {
-        [key in keyof Sessions["$type"]]: {
-            type: key;
-            properties: Sessions["$type"][key];
-        };
-    }[keyof Sessions["$type"]]>[keyof OnSuccessResponder<any>]>>;
-    onIndex?: (event: APIGatewayProxyEventV2) => Promise<APIGatewayProxyStructuredResultV2>;
-    onError?: (error: UnknownProviderError) => Promise<APIGatewayProxyStructuredResultV2 | undefined>;
-}): (event: APIGatewayProxyEventV2, context: import("aws-lambda").Context) => Promise<APIGatewayProxyStructuredResultV2>;
-export {};