sst 3.0.23 → 3.0.24

package/package.json

@@ -3,7 +3,7 @@
   "name": "sst",
   "type": "module",
   "sideEffects": false,
-  "version": "3.0.23",
+  "version": "3.0.24",
   "main": "./dist/index.js",
   "exports": {
     ".": "./dist/index.js",

package/dist/auth/adapter/adapter.d.ts

@@ -1,24 +0,0 @@
-/// <reference types="node" resolution-mode="require"/>
-import type { Context, Hono } from "hono";
-import { KeyLike } from "jose";
-export type Adapter<Properties = any> = (route: AdapterRoute, options: AdapterOptions<Properties>) => void;
-export type AdapterRoute = Hono;
-export interface AdapterOptions<Properties> {
-    name: string;
-    algorithm: string;
-    encryption: {
-        publicKey: () => Promise<KeyLike>;
-        privateKey: () => Promise<KeyLike>;
-    };
-    signing: {
-        publicKey: () => Promise<KeyLike>;
-        privateKey: () => Promise<KeyLike>;
-    };
-    success: (ctx: Context, properties: Properties) => Promise<Response>;
-    forward: (ctx: Context, response: Response) => Response;
-    cookie: (ctx: Context, key: string, value: string, maxAge: number) => void;
-}
-export declare class AdapterError extends Error {
-}
-export declare class AdapterUnknownError extends AdapterError {
-}

package/dist/auth/adapter/adapter.js

@@ -1,4 +0,0 @@
-export class AdapterError extends Error {
-}
-export class AdapterUnknownError extends AdapterError {
-}

package/dist/auth/adapter/apple.d.ts

@@ -1,5 +0,0 @@
-import { OauthBasicConfig } from "./oauth.js";
-export declare const AppleAdapter: (config: OauthBasicConfig) => (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: import("openid-client").TokenSet;
-    client: import("openid-client").BaseClient;
-}>) => Promise<void>;

package/dist/auth/adapter/apple.js

@@ -1,22 +0,0 @@
-import { Issuer } from "openid-client";
-import { OauthAdapter } from "./oauth.js";
-// This adapter support the OAuth flow with the response_mode "form_post" for now.
-// More details about the flow:
-// https://developer.apple.com/documentation/devicemanagement/user_enrollment/onboarding_users_with_account_sign-in/implementing_the_oauth2_authentication_user-enrollment_flow
-//
-// Also note that Apple's discover uri does not work for the OAuth flow, as the
-// userinfo_endpoint are not included in the response.
-// await Issuer.discover("https://appleid.apple.com/.well-known/openid-configuration/");
-const issuer = await Issuer.discover("https://appleid.apple.com/.well-known/openid-configuration");
-export const AppleAdapter = 
-/* @__PURE__ */
-(config) => {
-    return OauthAdapter({
-        issuer,
-        ...config,
-        params: {
-            ...config.params,
-            response_mode: "form_post",
-        },
-    });
-};

package/dist/auth/adapter/code.d.ts

@@ -1,8 +0,0 @@
-/// <reference types="node" resolution-mode="require"/>
-export declare function CodeAdapter(config: {
-    length?: number;
-    onCodeRequest: (code: string, claims: Record<string, any>, req: Request) => Promise<Response>;
-    onCodeInvalid: (code: string, claims: Record<string, any>, req: Request) => Promise<Response>;
-}): (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    claims: Record<string, string>;
-}>) => void;

package/dist/auth/adapter/code.js

@@ -1,47 +0,0 @@
-import { deleteCookie, getCookie } from "hono/cookie";
-import { UnknownStateError } from "../index.js";
-import { CompactEncrypt, compactDecrypt } from "jose";
-export function CodeAdapter(config) {
-    const length = config.length || 6;
-    function generate() {
-        const buffer = crypto.getRandomValues(new Uint8Array(length));
-        const otp = Array.from(buffer)
-            .map((byte) => byte % 10)
-            .join("");
-        return otp;
-    }
-    return function (routes, ctx) {
-        routes.get("/authorize", async (c) => {
-            const code = generate();
-            const claims = c.req.query();
-            delete claims["client_id"];
-            delete claims["redirect_uri"];
-            delete claims["response_type"];
-            delete claims["provider"];
-            const authorization = await new CompactEncrypt(new TextEncoder().encode(JSON.stringify({
-                claims,
-                code,
-            })))
-                .setProtectedHeader({ alg: "RSA-OAEP-512", enc: "A256GCM" })
-                .encrypt(await ctx.encryption.publicKey());
-            ctx.cookie(c, "authorization", authorization, 60 * 10);
-            return ctx.forward(c, await config.onCodeRequest(code, claims, c.req.raw));
-        });
-        routes.get("/callback", async (c) => {
-            const authorization = getCookie(c, "authorization");
-            if (!authorization)
-                throw new UnknownStateError();
-            const { code, claims } = JSON.parse(new TextDecoder().decode(await compactDecrypt(authorization, await ctx.encryption.privateKey()).then((value) => value.plaintext)));
-            if (!code || !claims) {
-                return ctx.forward(c, await config.onCodeInvalid(code, claims, c.req.raw));
-            }
-            const compare = c.req.query("code");
-            console.log("comparing", code, "to", compare);
-            if (code !== compare) {
-                return ctx.forward(c, await config.onCodeInvalid(code, claims, c.req.raw));
-            }
-            deleteCookie(c, "authorization");
-            return ctx.forward(c, await ctx.success(c, { claims }));
-        });
-    };
-}

package/dist/auth/adapter/facebook.d.ts

@@ -1,5 +0,0 @@
-import { OauthBasicConfig } from "./oauth.js";
-export declare const FacebookAdapter: (config: OauthBasicConfig) => (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: import("openid-client").TokenSet;
-    client: import("openid-client").BaseClient;
-}>) => Promise<void>;

package/dist/auth/adapter/facebook.js

@@ -1,27 +0,0 @@
-import { Issuer } from "openid-client";
-import { OauthAdapter } from "./oauth.js";
-// Facebook's OIDC flow returns "id_token" as uri hash in redirect uri. Hashes
-// are not passed to Lambda event object. It is likely that Facebook only wants
-// to support redirecting to a frontend uri.
-//
-// We are only going to support the OAuth flow for now. More details about the flow:
-// https://developers.facebook.com/docs/facebook-login/guides/advanced/oidc-token
-//
-// Also note that Facebook's discover uri does not work for the OAuth flow, as the
-// token_endpoint and userinfo_endpoint are not included in the response.
-// await Issuer.discover("https://www.facebook.com/.well-known/openid-configuration/");
-const issuer = new Issuer({
-    issuer: "https://www.facebook.com",
-    authorization_endpoint: "https://facebook.com/dialog/oauth/",
-    jwks_uri: "https://www.facebook.com/.well-known/oauth/openid/jwks/",
-    token_endpoint: "https://graph.facebook.com/oauth/access_token",
-    userinfo_endpoint: "https://graph.facebook.com/oauth/access_token",
-});
-export const FacebookAdapter = 
-/* @__PURE__ */
-(config) => {
-    return OauthAdapter({
-        issuer,
-        ...config,
-    });
-};

package/dist/auth/adapter/github.d.ts

@@ -1,12 +0,0 @@
-import { OauthBasicConfig } from "./oauth.js";
-import { OidcBasicConfig } from "./oidc.js";
-type Config = ({
-    mode: "oauth";
-} & OauthBasicConfig) | ({
-    mode: "oidc";
-} & OidcBasicConfig);
-export declare const GithubAdapter: (config: Config) => (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: import("openid-client").TokenSet;
-    client: import("openid-client").BaseClient;
-}>) => Promise<void>;
-export {};

package/dist/auth/adapter/github.js

@@ -1,23 +0,0 @@
-import { Issuer } from "openid-client";
-import { OauthAdapter } from "./oauth.js";
-import { OidcAdapter } from "./oidc.js";
-const issuer = new Issuer({
-    issuer: "https://github.com",
-    authorization_endpoint: "https://github.com/login/oauth/authorize",
-    token_endpoint: "https://github.com/login/oauth/access_token",
-});
-export const GithubAdapter = 
-/* @__PURE__ */
-(config) => {
-    if (config.mode === "oauth") {
-        return OauthAdapter({
-            issuer,
-            ...config,
-        });
-    }
-    return OidcAdapter({
-        issuer,
-        scope: "openid email profile",
-        ...config,
-    });
-};

package/dist/auth/adapter/google.d.ts

@@ -1,17 +0,0 @@
-import { OidcBasicConfig } from "./oidc.js";
-import { OauthBasicConfig } from "./oauth.js";
-type GooglePrompt = "none" | "consent" | "select_account";
-type GoogleAccessType = "offline" | "online";
-type GoogleConfig = (OauthBasicConfig & {
-    mode: "oauth";
-    prompt?: GooglePrompt;
-    accessType?: GoogleAccessType;
-}) | (OidcBasicConfig & {
-    mode: "oidc";
-    prompt?: GooglePrompt;
-});
-export declare function GoogleAdapter(config: GoogleConfig): (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: import("openid-client").TokenSet;
-    client: import("openid-client").BaseClient;
-}>) => Promise<void>;
-export {};

package/dist/auth/adapter/google.js

@@ -1,22 +0,0 @@
-import { Issuer } from "openid-client";
-import { OidcAdapter } from "./oidc.js";
-import { OauthAdapter } from "./oauth.js";
-const issuer = await Issuer.discover("https://accounts.google.com");
-export function GoogleAdapter(config) {
-    /* @__PURE__ */
-    if (config.mode === "oauth") {
-        return OauthAdapter({
-            issuer,
-            ...config,
-            params: {
-                ...(config.accessType && { access_type: config.accessType }),
-                ...config.params,
-            },
-        });
-    }
-    return OidcAdapter({
-        issuer,
-        scope: "openid email profile",
-        ...config,
-    });
-}

package/dist/auth/adapter/index.d.ts

@@ -1,11 +0,0 @@
-export * from "./oidc.js";
-export * from "./google.js";
-export * from "./link.js";
-export * from "./github.js";
-export * from "./facebook.js";
-export * from "./microsoft.js";
-export * from "./oauth.js";
-export * from "./spotify.js";
-export * from "./code.js";
-export * from "./apple.js";
-export type { Adapter } from "./adapter.js";

package/dist/auth/adapter/index.js

@@ -1,10 +0,0 @@
-export * from "./oidc.js";
-export * from "./google.js";
-export * from "./link.js";
-export * from "./github.js";
-export * from "./facebook.js";
-export * from "./microsoft.js";
-export * from "./oauth.js";
-export * from "./spotify.js";
-export * from "./code.js";
-export * from "./apple.js";

package/dist/auth/adapter/link.d.ts

@@ -1,6 +0,0 @@
-/// <reference types="node" resolution-mode="require"/>
-export declare function LinkAdapter(config: {
-    onLink: (link: string, claims: Record<string, any>) => Promise<Response>;
-}): (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    claims: Record<string, string>;
-}>) => void;

package/dist/auth/adapter/link.js

@@ -1,27 +0,0 @@
-import { SignJWT, jwtVerify } from "jose";
-export function LinkAdapter(config) {
-    return function (routes, ctx) {
-        routes.get("/authorize", async (c) => {
-            const token = await new SignJWT(c.req.query())
-                .setProtectedHeader({ alg: ctx.algorithm })
-                .setExpirationTime("10m")
-                .sign(await ctx.signing.privateKey());
-            const url = new URL(new URL(c.req.url).origin);
-            url.pathname = `/${ctx.name}/callback`;
-            for (const key of url.searchParams.keys()) {
-                url.searchParams.delete(key);
-            }
-            url.searchParams.set("token", token);
-            const resp = ctx.forward(c, await config.onLink(url.toString(), c.req.query()));
-            return resp;
-        });
-        routes.get("/callback", async (c) => {
-            const token = c.req.query("token");
-            if (!token)
-                throw new Error("Missing token parameter");
-            const verified = await jwtVerify(token, await ctx.signing.publicKey());
-            const resp = await ctx.success(c, { claims: verified.payload });
-            return resp;
-        });
-    };
-}

package/dist/auth/adapter/microsoft.d.ts

@@ -1,11 +0,0 @@
-import { OidcBasicConfig } from "./oidc.js";
-type MicrosoftConfig = OidcBasicConfig & {
-    mode: "oidc";
-    prompt?: "login" | "none" | "consent" | "select_account";
-    tenantID?: string;
-};
-export declare function MicrosoftAdapter(config: MicrosoftConfig): (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: import("openid-client").TokenSet;
-    client: import("openid-client").BaseClient;
-}>) => Promise<void>;
-export {};

package/dist/auth/adapter/microsoft.js

@@ -1,16 +0,0 @@
-import { Issuer } from "openid-client";
-import { OidcAdapter } from "./oidc.js";
-export function MicrosoftAdapter(config) {
-    const authority = config?.tenantID ?? "common";
-    const issuer = `https://login.microsoftonline.com/${authority}`;
-    return OidcAdapter({
-        issuer: new Issuer({
-            issuer: `${issuer}/v2.0`,
-            authorization_endpoint: `${issuer}/oauth2/v2.0/authorize`,
-            token_endpoint: `${issuer}/oauth2/v2.0/token`,
-            jwks_uri: `${issuer}/discovery/v2.0/keys`,
-        }),
-        scope: "openid email profile",
-        ...config,
-    });
-}

package/dist/auth/adapter/oauth.d.ts

@@ -1,33 +0,0 @@
-import { BaseClient, Issuer, TokenSet } from "openid-client";
-import { AdapterError } from "./adapter.js";
-export interface OauthBasicConfig {
-    /**
-     * The clientID provided by the third party oauth service
-     */
-    clientID: string;
-    /**
-     * The clientSecret provided by the third party oauth service
-     */
-    clientSecret: string;
-    /**
-     * Various scopes requested for the access token
-     */
-    scope: string;
-    /**
-     * Determines whether users will be prompted for reauthentication and consent
-     */
-    prompt?: string;
-    /**
-     * Additional parameters to be passed to the authorization endpoint
-     */
-    params?: Record<string, string>;
-}
-export interface OauthConfig extends OauthBasicConfig {
-    issuer: Issuer;
-}
-export declare class OauthError extends AdapterError {
-}
-export declare const OauthAdapter: (config: OauthConfig) => (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: TokenSet;
-    client: BaseClient;
-}>) => Promise<void>;

package/dist/auth/adapter/oauth.js

@@ -1,79 +0,0 @@
-import { generators } from "openid-client";
-import { AdapterError } from "./adapter.js";
-import { getCookie } from "hono/cookie";
-export class OauthError extends AdapterError {
-}
-export const OauthAdapter = 
-/* @__PURE__ */
-(config) => {
-    return async function (routes, ctx) {
-        function getClient(c) {
-            const callback = c.req.url.replace(/authorize\/.*$/, "callback");
-            return [
-                callback,
-                new config.issuer.Client({
-                    client_id: config.clientID,
-                    client_secret: config.clientSecret,
-                    redirect_uris: [callback],
-                    response_types: ["code"],
-                }),
-            ];
-        }
-        routes.get("/authorize", async (c) => {
-            const [_, client] = getClient(c);
-            const code_verifier = generators.codeVerifier();
-            const state = generators.state();
-            const code_challenge = generators.codeChallenge(code_verifier);
-            const url = client.authorizationUrl({
-                scope: config.scope,
-                code_challenge: code_challenge,
-                code_challenge_method: "S256",
-                state,
-                prompt: config.prompt,
-                ...config.params,
-            });
-            ctx.cookie(c, "auth_code_verifier", code_verifier, 60 * 10);
-            ctx.cookie(c, "auth_state", state, 60 * 10);
-            return c.redirect(url);
-        });
-        routes.get("/callback", async (c) => {
-            const [callback, client] = getClient(c);
-            const query = c.req.query();
-            if (query.error) {
-                throw new OauthError(query.error);
-            }
-            const code_verifier = getCookie(c, "auth_code_verifier");
-            const state = getCookie(c, "auth_state");
-            const tokenset = await client[config.issuer.metadata.userinfo_endpoint
-                ? "callback"
-                : "oauthCallback"](callback, query, {
-                code_verifier,
-                state,
-            });
-            return ctx.success(c, {
-                client,
-                tokenset,
-            });
-        });
-        // response_mode=form_post
-        routes.get("/callback", async (c) => {
-            const [callback, client] = getClient(c);
-            const form = await c.req.formData();
-            if (form.get("error")) {
-                throw new OauthError(form.get("error").toString());
-            }
-            const code_verifier = getCookie(c, "auth_code_verifier");
-            const state = getCookie(c, "auth_state");
-            const tokenset = await client[config.issuer.metadata.userinfo_endpoint
-                ? "callback"
-                : "oauthCallback"](callback, Object.fromEntries(form), {
-                code_verifier,
-                state,
-            });
-            return ctx.success(c, {
-                client,
-                tokenset,
-            });
-        });
-    };
-};

package/dist/auth/adapter/oidc.d.ts

@@ -1,19 +0,0 @@
-import { BaseClient, Issuer, TokenSet } from "openid-client";
-export interface OidcBasicConfig {
-    /**
-     * The clientID provided by the third party oauth service
-     */
-    clientID: string;
-    /**
-     * Determines whether users will be prompted for reauthentication and consent
-     */
-    prompt?: string;
-}
-export interface OidcConfig extends OidcBasicConfig {
-    issuer: Issuer;
-    scope: string;
-}
-export declare const OidcAdapter: (config: OidcConfig) => (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: TokenSet;
-    client: BaseClient;
-}>) => Promise<void>;

package/dist/auth/adapter/oidc.js

@@ -1,45 +0,0 @@
-import { generators } from "openid-client";
-import { getCookie } from "hono/cookie";
-export const OidcAdapter = /* @__PURE__ */ (config) => {
-    return async function (routes, ctx) {
-        routes.get("/authorize", async (c) => {
-            const callback = c.req.url.replace(/authorize\/.*$/, "callback");
-            const client = new config.issuer.Client({
-                client_id: config.clientID,
-                redirect_uris: [callback],
-                response_types: ["id_token"],
-            });
-            const nonce = generators.nonce();
-            const state = generators.state();
-            const url = client.authorizationUrl({
-                scope: config.scope,
-                response_mode: "form_post",
-                nonce,
-                state,
-                prompt: config.prompt,
-            });
-            ctx.cookie(c, "auth_nonce", nonce, 60 * 10);
-            ctx.cookie(c, "auth_state", state, 60 * 10);
-            return c.redirect(url);
-        });
-        routes.post("/callback", async (c) => {
-            const callback = c.req.url.replace(/authorize\/.*$/, "callback");
-            const client = new config.issuer.Client({
-                client_id: config.clientID,
-                redirect_uris: [callback],
-                response_types: ["id_token"],
-            });
-            const form = await c.req.formData();
-            const nonce = getCookie(c, "auth_nonce");
-            const state = getCookie(c, "auth_state");
-            const tokenset = await client.callback(callback, Object.fromEntries(form), {
-                nonce,
-                state,
-            });
-            return ctx.success(c, {
-                tokenset,
-                client,
-            });
-        });
-    };
-};

package/dist/auth/adapter/spotify.d.ts

@@ -1,12 +0,0 @@
-import { OauthBasicConfig } from "./oauth.js";
-/**
- * The Spotify Adapter follows the PKCE flow outlined here:
- * https://developer.spotify.com/documentation/web-api/tutorials/code-pkce-flow
- *
- * List of scopes available:
- * https://developer.spotify.com/documentation/web-api/concepts/scopes
- */
-export declare const SpotifyAdapter: (config: OauthBasicConfig) => (routes: import("./adapter.js").AdapterRoute, ctx: import("./adapter.js").AdapterOptions<{
-    tokenset: import("openid-client").TokenSet;
-    client: import("openid-client").BaseClient;
-}>) => Promise<void>;

package/dist/auth/adapter/spotify.js

@@ -1,22 +0,0 @@
-import { Issuer } from "openid-client";
-import { OauthAdapter } from "./oauth.js";
-const issuer = new Issuer({
-    issuer: "https://accounts.spotify.com",
-    authorization_endpoint: "https://accounts.spotify.com/authorize",
-    token_endpoint: "https://accounts.spotify.com/api/token",
-});
-/**
- * The Spotify Adapter follows the PKCE flow outlined here:
- * https://developer.spotify.com/documentation/web-api/tutorials/code-pkce-flow
- *
- * List of scopes available:
- * https://developer.spotify.com/documentation/web-api/concepts/scopes
- */
-export const SpotifyAdapter = 
-/* @__PURE__ */
-(config) => {
-    return OauthAdapter({
-        issuer,
-        ...config,
-    });
-};

package/dist/auth/example/bun.d.ts

@@ -1,2 +0,0 @@
-declare const _default: import("hono/tiny").Hono<import("hono").Env, import("hono/types").BlankSchema, "/">;
-export default _default;

package/dist/auth/example/bun.js

@@ -1,46 +0,0 @@
-import { AuthHandler } from "../handler.js";
-import { LinkAdapter } from "../adapter/link.js";
-import { createSessionBuilder } from "../session.js";
-import { CodeAdapter } from "../adapter/index.js";
-const sessions = createSessionBuilder();
-export default AuthHandler({
-    providers: {
-        link: LinkAdapter({
-            async onLink(link, claims) {
-                return new Response(link, {
-                    status: 200,
-                    headers: { "Content-Type": "text/plain" },
-                });
-            },
-        }),
-        code: CodeAdapter({
-            onCodeRequest: async (code, claims) => {
-                return new Response("Your code is " + code, {
-                    status: 200,
-                    headers: { "Content-Type": "text/plain" },
-                });
-            },
-            onCodeInvalid: async (code, claims) => {
-                return new Response("Code is invalid " + code, {
-                    status: 200,
-                    headers: { "Content-Type": "text/plain" },
-                });
-            },
-        }),
-    },
-    callbacks: {
-        auth: {
-            async allowClient(input) {
-                return true;
-            },
-            async success(ctx, input) {
-                return ctx.session({
-                    type: "user",
-                    properties: {
-                        email: input.claims.email,
-                    },
-                });
-            },
-        },
-    },
-});