surrge 0.11.3 → 0.11.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/auth/config.d.ts +0 -2
  2. package/dist/auth/config.d.ts.map +1 -1
  3. package/dist/auth/passkey.d.ts +4 -4
  4. package/dist/auth/passkey.d.ts.map +1 -1
  5. package/dist/dashboard/index.d.ts.map +1 -1
  6. package/dist/index.js +36 -30
  7. package/dist/loader.js +36 -30
  8. package/dist/register.js +36 -30
  9. package/dist/scripts/postinstall.js +38 -0
  10. package/dist/src/cli.js +53 -0
  11. package/dist/src/hooks.js +148 -0
  12. package/dist/src/index.js +26073 -0
  13. package/dist/src/loader.js +26194 -0
  14. package/dist/src/register.js +26068 -0
  15. package/package.json +1 -1
package/dist/auth/config.d.ts CHANGED
@@ -1,6 +1,4 @@
1
1
  export declare const challenges: Map<string, string>;
2
2
  export declare const rpName: string;
3
- export declare const rpID: string;
4
- export declare const origin: string;
5
3
  export declare const secret: string;
6
4
  //# sourceMappingURL=config.d.ts.map
package/dist/auth/config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,UAAU,qBAA4B,CAAC;AAGpD,eAAO,MAAM,MAAM,EAAE,MAAiB,CAAC;AACvC,eAAO,MAAM,IAAI,EAAE,MAAgD,CAAC;AACpE,eAAO,MAAM,MAAM,EAAE,MACiC,CAAC;AAGvD,eAAO,MAAM,MAAM,EAAE,MAAkD,CAAC"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,UAAU,qBAA4B,CAAC;AAGpD,eAAO,MAAM,MAAM,EAAE,MAAiB,CAAC;AAGvC,eAAO,MAAM,MAAM,EAAE,MAAkD,CAAC"}
package/dist/auth/passkey.d.ts CHANGED
@@ -8,8 +8,8 @@ export type Registration = {
8
8
  export type Authentication = {
9
9
  counter: number;
10
10
  };
11
- export declare const challenge: (username: string) => Promise<Awaited<ReturnType<typeof generateRegistrationOptions>>>;
12
- export declare const register: (_username: string, response: VerifyRegistrationResponseOpts["response"], expectedChallenge: string) => Promise<Registration>;
13
- export declare const discover: () => Promise<Awaited<ReturnType<typeof generateAuthenticationOptions>>>;
14
- export declare const authenticate: (user: User.Record, response: VerifyAuthenticationResponseOpts["response"], expectedChallenge: string) => Promise<Authentication>;
11
+ export declare const challenge: (username: string, rpID: string) => Promise<Awaited<ReturnType<typeof generateRegistrationOptions>>>;
12
+ export declare const register: (_username: string, response: VerifyRegistrationResponseOpts["response"], expectedChallenge: string, expectedOrigin: string, expectedRPID: string) => Promise<Registration>;
13
+ export declare const discover: (rpID: string) => Promise<Awaited<ReturnType<typeof generateAuthenticationOptions>>>;
14
+ export declare const authenticate: (user: User.Record, response: VerifyAuthenticationResponseOpts["response"], expectedChallenge: string, expectedOrigin: string, expectedRPID: string) => Promise<Authentication>;
15
15
  //# sourceMappingURL=passkey.d.ts.map
package/dist/auth/passkey.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/auth/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,KAAK,gCAAgC,EACrC,KAAK,8BAA8B,EAGpC,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,KAAK,IAAI,MAAM,oBAAoB,CAAC;AAGhD,MAAM,MAAM,YAAY,GAAG;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,UAAU,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,eAAO,MAAM,SAAS,GACpB,UAAU,MAAM,KACf,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,2BAA2B,CAAC,CAAC,CAgBjE,CAAC;AAEF,eAAO,MAAM,QAAQ,GACnB,WAAW,MAAM,EACjB,UAAU,8BAA8B,CAAC,UAAU,CAAC,EACpD,mBAAmB,MAAM,KACxB,OAAO,CAAC,YAAY,CAmBtB,CAAC;AAGF,eAAO,MAAM,QAAQ,QAAa,OAAO,CACvC,OAAO,CAAC,UAAU,CAAC,OAAO,6BAA6B,CAAC,CAAC,CAU1D,CAAC;AAEF,eAAO,MAAM,YAAY,GACvB,MAAM,IAAI,CAAC,MAAM,EACjB,UAAU,gCAAgC,CAAC,UAAU,CAAC,EACtD,mBAAmB,MAAM,KACxB,OAAO,CAAC,cAAc,CAkBxB,CAAC"}
1
+ {"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/auth/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,KAAK,gCAAgC,EACrC,KAAK,8BAA8B,EAGpC,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,KAAK,IAAI,MAAM,oBAAoB,CAAC;AAGhD,MAAM,MAAM,YAAY,GAAG;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,UAAU,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,eAAO,MAAM,SAAS,GACpB,UAAU,MAAM,EAChB,MAAM,MAAM,KACX,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,2BAA2B,CAAC,CAAC,CAgBjE,CAAC;AAEF,eAAO,MAAM,QAAQ,GACnB,WAAW,MAAM,EACjB,UAAU,8BAA8B,CAAC,UAAU,CAAC,EACpD,mBAAmB,MAAM,EACzB,gBAAgB,MAAM,EACtB,cAAc,MAAM,KACnB,OAAO,CAAC,YAAY,CAmBtB,CAAC;AAGF,eAAO,MAAM,QAAQ,GACnB,MAAM,MAAM,KACX,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,6BAA6B,CAAC,CAAC,CASnE,CAAC;AAEF,eAAO,MAAM,YAAY,GACvB,MAAM,IAAI,CAAC,MAAM,EACjB,UAAU,gCAAgC,CAAC,UAAU,CAAC,EACtD,mBAAmB,MAAM,EACzB,gBAAgB,MAAM,EACtB,cAAc,MAAM,KACnB,OAAO,CAAC,cAAc,CAkBxB,CAAC"}
package/dist/dashboard/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dashboard/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAiB5B,KAAK,SAAS,GAAG;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,UAAU,MAAM,KACf,IAAI,CAAC;IAAE,SAAS,EAAE,SAAS,CAAA;CAAE,CAsc/B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dashboard/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AA6B5B,KAAK,SAAS,GAAG;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,UAAU,MAAM,KACf,IAAI,CAAC;IAAE,SAAS,EAAE,SAAS,CAAA;CAAE,CA0c/B,CAAC"}
package/dist/index.js CHANGED
@@ -399,7 +399,7 @@ var require_sqlite_error = __commonJS((exports, module) => {
399
399
 
400
400
  // node_modules/libsql/index.js
401
401
  var require_libsql = __commonJS((exports, module) => {
402
- var __dirname = "/home/blakbelt78/Work/surrge/node_modules/libsql";
402
+ var __dirname = "/Users/eduardosasso/moonshot/surrge/node_modules/libsql";
403
403
  var { load, currentTarget } = require_dist();
404
404
  var { familySync, GLIBC } = require_detect_libc();
405
405
  function requireNative() {
@@ -14857,7 +14857,7 @@ var require_cjs5 = __commonJS((exports) => {
14857
14857
  // package.json
14858
14858
  var package_default = {
14859
14859
  name: "surrge",
14860
- version: "0.11.3",
14860
+ version: "0.11.4",
14861
14861
  description: "One-line observability + analytics for Node.js/Bun",
14862
14862
  type: "module",
14863
14863
  exports: {
@@ -22391,8 +22391,6 @@ var trimTrailingSlash = () => {
22391
22391
  import { randomUUID } from "node:crypto";
22392
22392
  var challenges = new Map;
22393
22393
  var rpName = "surrge";
22394
- var rpID = process.env.SURRGE_RP_ID || "localhost";
22395
- var origin = process.env.SURRGE_ORIGIN || "http://localhost:3000";
22396
22394
  var secret = process.env.SURRGE_SECRET || randomUUID();
22397
22395
 
22398
22396
  // node_modules/@simplewebauthn/server/esm/helpers/iso/isoBase64URL.js
@@ -23978,7 +23976,7 @@ var defaultAuthenticatorSelection = {
23978
23976
  };
23979
23977
  var defaultSupportedAlgorithmIDs = [-8, -7, -257];
23980
23978
  async function generateRegistrationOptions(options) {
23981
- const { rpName: rpName2, rpID: rpID2, userName, userID, challenge = await generateChallenge(), userDisplayName = "", timeout = 60000, attestationType = "none", excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs } = options;
23979
+ const { rpName: rpName2, rpID, userName, userID, challenge = await generateChallenge(), userDisplayName = "", timeout = 60000, attestationType = "none", excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs } = options;
23982
23980
  const pubKeyCredParams = supportedAlgorithmIDs.map((id) => ({
23983
23981
  alg: id,
23984
23982
  type: "public-key"
@@ -24005,7 +24003,7 @@ async function generateRegistrationOptions(options) {
24005
24003
  challenge: exports_isoBase64URL.fromBuffer(_challenge),
24006
24004
  rp: {
24007
24005
  name: rpName2,
24008
- id: rpID2
24006
+ id: rpID
24009
24007
  },
24010
24008
  user: {
24011
24009
  id: exports_isoBase64URL.fromBuffer(_userID),
@@ -25445,7 +25443,7 @@ async function verifyRegistrationResponse(options) {
25445
25443
  throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
25446
25444
  }
25447
25445
  const clientDataJSON = decodeClientDataJSON(attestationResponse.clientDataJSON);
25448
- const { type, origin: origin2, challenge, tokenBinding } = clientDataJSON;
25446
+ const { type, origin, challenge, tokenBinding } = clientDataJSON;
25449
25447
  if (Array.isArray(expectedType)) {
25450
25448
  if (!expectedType.includes(type)) {
25451
25449
  const joinedExpectedType = expectedType.join(", ");
@@ -25466,12 +25464,12 @@ async function verifyRegistrationResponse(options) {
25466
25464
  throw new Error(`Unexpected registration response challenge "${challenge}", expected "${expectedChallenge}"`);
25467
25465
  }
25468
25466
  if (Array.isArray(expectedOrigin)) {
25469
- if (!expectedOrigin.includes(origin2)) {
25470
- throw new Error(`Unexpected registration response origin "${origin2}", expected one of: ${expectedOrigin.join(", ")}`);
25467
+ if (!expectedOrigin.includes(origin)) {
25468
+ throw new Error(`Unexpected registration response origin "${origin}", expected one of: ${expectedOrigin.join(", ")}`);
25471
25469
  }
25472
25470
  } else {
25473
- if (origin2 !== expectedOrigin) {
25474
- throw new Error(`Unexpected registration response origin "${origin2}", expected "${expectedOrigin}"`);
25471
+ if (origin !== expectedOrigin) {
25472
+ throw new Error(`Unexpected registration response origin "${origin}", expected "${expectedOrigin}"`);
25475
25473
  }
25476
25474
  }
25477
25475
  if (tokenBinding) {
@@ -25587,13 +25585,13 @@ async function verifyRegistrationResponse(options) {
25587
25585
 
25588
25586
  // node_modules/@simplewebauthn/server/esm/authentication/generateAuthenticationOptions.js
25589
25587
  async function generateAuthenticationOptions(options) {
25590
- const { allowCredentials, challenge = await generateChallenge(), timeout = 60000, userVerification = "preferred", extensions, rpID: rpID2 } = options;
25588
+ const { allowCredentials, challenge = await generateChallenge(), timeout = 60000, userVerification = "preferred", extensions, rpID } = options;
25591
25589
  let _challenge = challenge;
25592
25590
  if (typeof _challenge === "string") {
25593
25591
  _challenge = exports_isoUint8Array.fromUTF8String(_challenge);
25594
25592
  }
25595
25593
  return {
25596
- rpId: rpID2,
25594
+ rpId: rpID,
25597
25595
  challenge: exports_isoBase64URL.fromBuffer(_challenge),
25598
25596
  allowCredentials: allowCredentials?.map((cred) => {
25599
25597
  if (!exports_isoBase64URL.isBase64URL(cred.id)) {
@@ -25631,7 +25629,7 @@ async function verifyAuthenticationResponse(options) {
25631
25629
  throw new Error("Credential response clientDataJSON was not a string");
25632
25630
  }
25633
25631
  const clientDataJSON = decodeClientDataJSON(assertionResponse.clientDataJSON);
25634
- const { type, origin: origin2, challenge, tokenBinding } = clientDataJSON;
25632
+ const { type, origin, challenge, tokenBinding } = clientDataJSON;
25635
25633
  if (Array.isArray(expectedType)) {
25636
25634
  if (!expectedType.includes(type)) {
25637
25635
  const joinedExpectedType = expectedType.join(", ");
@@ -25652,13 +25650,13 @@ async function verifyAuthenticationResponse(options) {
25652
25650
  throw new Error(`Unexpected authentication response challenge "${challenge}", expected "${expectedChallenge}"`);
25653
25651
  }
25654
25652
  if (Array.isArray(expectedOrigin)) {
25655
- if (!expectedOrigin.includes(origin2)) {
25653
+ if (!expectedOrigin.includes(origin)) {
25656
25654
  const joinedExpectedOrigin = expectedOrigin.join(", ");
25657
- throw new Error(`Unexpected authentication response origin "${origin2}", expected one of: ${joinedExpectedOrigin}`);
25655
+ throw new Error(`Unexpected authentication response origin "${origin}", expected one of: ${joinedExpectedOrigin}`);
25658
25656
  }
25659
25657
  } else {
25660
- if (origin2 !== expectedOrigin) {
25661
- throw new Error(`Unexpected authentication response origin "${origin2}", expected "${expectedOrigin}"`);
25658
+ if (origin !== expectedOrigin) {
25659
+ throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
25662
25660
  }
25663
25661
  }
25664
25662
  if (!exports_isoBase64URL.isBase64URL(assertionResponse.authenticatorData)) {
@@ -25731,7 +25729,7 @@ async function verifyAuthenticationResponse(options) {
25731
25729
  }
25732
25730
 
25733
25731
  // src/auth/passkey.ts
25734
- var challenge = async (username) => {
25732
+ var challenge = async (username, rpID) => {
25735
25733
  const options = await generateRegistrationOptions({
25736
25734
  rpName,
25737
25735
  rpID,
@@ -25746,12 +25744,12 @@ var challenge = async (username) => {
25746
25744
  challenges.set(username, options.challenge);
25747
25745
  return options;
25748
25746
  };
25749
- var register = async (_username, response, expectedChallenge) => {
25747
+ var register = async (_username, response, expectedChallenge, expectedOrigin, expectedRPID) => {
25750
25748
  const verification = await verifyRegistrationResponse({
25751
25749
  response,
25752
25750
  expectedChallenge,
25753
- expectedOrigin: origin,
25754
- expectedRPID: rpID
25751
+ expectedOrigin,
25752
+ expectedRPID
25755
25753
  });
25756
25754
  if (!verification.verified || !verification.registrationInfo) {
25757
25755
  throw new Error("Verification failed");
@@ -25763,7 +25761,7 @@ var register = async (_username, response, expectedChallenge) => {
25763
25761
  counter: credential.counter
25764
25762
  };
25765
25763
  };
25766
- var discover = async () => {
25764
+ var discover = async (rpID) => {
25767
25765
  const result = await generateAuthenticationOptions({
25768
25766
  rpID,
25769
25767
  userVerification: "required"
@@ -25771,12 +25769,12 @@ var discover = async () => {
25771
25769
  challenges.set(result.challenge, result.challenge);
25772
25770
  return result;
25773
25771
  };
25774
- var authenticate = async (user, response, expectedChallenge) => {
25772
+ var authenticate = async (user, response, expectedChallenge, expectedOrigin, expectedRPID) => {
25775
25773
  const verification = await verifyAuthenticationResponse({
25776
25774
  response,
25777
25775
  expectedChallenge,
25778
- expectedOrigin: origin,
25779
- expectedRPID: rpID,
25776
+ expectedOrigin,
25777
+ expectedRPID,
25780
25778
  credential: {
25781
25779
  id: user.credential_id,
25782
25780
  publicKey: user.public_key,
@@ -26136,6 +26134,14 @@ Please change the parent <Route path="\${E}"> to <Route path="\${E==="/"?"*":\`\
26136
26134
 
26137
26135
  // src/dashboard/index.ts
26138
26136
  var SESSION_MAX_AGE = 30 * 24 * 60 * 60;
26137
+ var origin = (c) => {
26138
+ const url = new URL(c.req.url);
26139
+ return url.origin;
26140
+ };
26141
+ var hostname = (c) => {
26142
+ const url = new URL(c.req.url);
26143
+ return url.hostname;
26144
+ };
26139
26145
  var createDashboard = (basePath) => {
26140
26146
  const app = new Hono2().basePath(basePath);
26141
26147
  const auth = async (c, next) => {
@@ -26253,7 +26259,7 @@ var createDashboard = (basePath) => {
26253
26259
  if (!username?.trim()) {
26254
26260
  return c.json({ error: "Username required" }, 400);
26255
26261
  }
26256
- const options = await challenge(username);
26262
+ const options = await challenge(username, hostname(c));
26257
26263
  return c.json(options);
26258
26264
  });
26259
26265
  app.post("/api/auth/register/verify", async (c) => {
@@ -26267,7 +26273,7 @@ var createDashboard = (basePath) => {
26267
26273
  return c.json({ error: "Challenge expired" }, 400);
26268
26274
  }
26269
26275
  try {
26270
- const registration = await register(username, credential, challenge2);
26276
+ const registration = await register(username, credential, challenge2, origin(c), hostname(c));
26271
26277
  await create2({
26272
26278
  username,
26273
26279
  credential_id: registration.credential_id,
@@ -26294,7 +26300,7 @@ var createDashboard = (basePath) => {
26294
26300
  }
26295
26301
  });
26296
26302
  app.get("/api/auth/login", async (c) => {
26297
- const options = await discover();
26303
+ const options = await discover(hostname(c));
26298
26304
  return c.json(options);
26299
26305
  });
26300
26306
  app.post("/api/auth/login/verify", async (c) => {
@@ -26317,7 +26323,7 @@ var createDashboard = (basePath) => {
26317
26323
  return c.json({ error: "Challenge expired" }, 400);
26318
26324
  }
26319
26325
  try {
26320
- const auth2 = await authenticate(user, credential, challenge2 || foundChallenge);
26326
+ const auth2 = await authenticate(user, credential, challenge2 || foundChallenge, origin(c), hostname(c));
26321
26327
  await touch(user.username, auth2.counter);
26322
26328
  const token = create(user.username);
26323
26329
  setCookie(c, "session", token, {
package/dist/loader.js CHANGED
@@ -399,7 +399,7 @@ var require_sqlite_error = __commonJS((exports, module) => {
399
399
 
400
400
  // node_modules/libsql/index.js
401
401
  var require_libsql = __commonJS((exports, module) => {
402
- var __dirname = "/home/blakbelt78/Work/surrge/node_modules/libsql";
402
+ var __dirname = "/Users/eduardosasso/moonshot/surrge/node_modules/libsql";
403
403
  var { load, currentTarget } = require_dist();
404
404
  var { familySync, GLIBC } = require_detect_libc();
405
405
  function requireNative() {
@@ -14857,7 +14857,7 @@ var require_cjs5 = __commonJS((exports) => {
14857
14857
  // package.json
14858
14858
  var package_default = {
14859
14859
  name: "surrge",
14860
- version: "0.11.3",
14860
+ version: "0.11.4",
14861
14861
  description: "One-line observability + analytics for Node.js/Bun",
14862
14862
  type: "module",
14863
14863
  exports: {
@@ -22391,8 +22391,6 @@ var trimTrailingSlash = () => {
22391
22391
  import { randomUUID } from "node:crypto";
22392
22392
  var challenges = new Map;
22393
22393
  var rpName = "surrge";
22394
- var rpID = process.env.SURRGE_RP_ID || "localhost";
22395
- var origin = process.env.SURRGE_ORIGIN || "http://localhost:3000";
22396
22394
  var secret = process.env.SURRGE_SECRET || randomUUID();
22397
22395
 
22398
22396
  // node_modules/@simplewebauthn/server/esm/helpers/iso/isoBase64URL.js
@@ -23978,7 +23976,7 @@ var defaultAuthenticatorSelection = {
23978
23976
  };
23979
23977
  var defaultSupportedAlgorithmIDs = [-8, -7, -257];
23980
23978
  async function generateRegistrationOptions(options) {
23981
- const { rpName: rpName2, rpID: rpID2, userName, userID, challenge = await generateChallenge(), userDisplayName = "", timeout = 60000, attestationType = "none", excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs } = options;
23979
+ const { rpName: rpName2, rpID, userName, userID, challenge = await generateChallenge(), userDisplayName = "", timeout = 60000, attestationType = "none", excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs } = options;
23982
23980
  const pubKeyCredParams = supportedAlgorithmIDs.map((id) => ({
23983
23981
  alg: id,
23984
23982
  type: "public-key"
@@ -24005,7 +24003,7 @@ async function generateRegistrationOptions(options) {
24005
24003
  challenge: exports_isoBase64URL.fromBuffer(_challenge),
24006
24004
  rp: {
24007
24005
  name: rpName2,
24008
- id: rpID2
24006
+ id: rpID
24009
24007
  },
24010
24008
  user: {
24011
24009
  id: exports_isoBase64URL.fromBuffer(_userID),
@@ -25445,7 +25443,7 @@ async function verifyRegistrationResponse(options) {
25445
25443
  throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
25446
25444
  }
25447
25445
  const clientDataJSON = decodeClientDataJSON(attestationResponse.clientDataJSON);
25448
- const { type, origin: origin2, challenge, tokenBinding } = clientDataJSON;
25446
+ const { type, origin, challenge, tokenBinding } = clientDataJSON;
25449
25447
  if (Array.isArray(expectedType)) {
25450
25448
  if (!expectedType.includes(type)) {
25451
25449
  const joinedExpectedType = expectedType.join(", ");
@@ -25466,12 +25464,12 @@ async function verifyRegistrationResponse(options) {
25466
25464
  throw new Error(`Unexpected registration response challenge "${challenge}", expected "${expectedChallenge}"`);
25467
25465
  }
25468
25466
  if (Array.isArray(expectedOrigin)) {
25469
- if (!expectedOrigin.includes(origin2)) {
25470
- throw new Error(`Unexpected registration response origin "${origin2}", expected one of: ${expectedOrigin.join(", ")}`);
25467
+ if (!expectedOrigin.includes(origin)) {
25468
+ throw new Error(`Unexpected registration response origin "${origin}", expected one of: ${expectedOrigin.join(", ")}`);
25471
25469
  }
25472
25470
  } else {
25473
- if (origin2 !== expectedOrigin) {
25474
- throw new Error(`Unexpected registration response origin "${origin2}", expected "${expectedOrigin}"`);
25471
+ if (origin !== expectedOrigin) {
25472
+ throw new Error(`Unexpected registration response origin "${origin}", expected "${expectedOrigin}"`);
25475
25473
  }
25476
25474
  }
25477
25475
  if (tokenBinding) {
@@ -25587,13 +25585,13 @@ async function verifyRegistrationResponse(options) {
25587
25585
 
25588
25586
  // node_modules/@simplewebauthn/server/esm/authentication/generateAuthenticationOptions.js
25589
25587
  async function generateAuthenticationOptions(options) {
25590
- const { allowCredentials, challenge = await generateChallenge(), timeout = 60000, userVerification = "preferred", extensions, rpID: rpID2 } = options;
25588
+ const { allowCredentials, challenge = await generateChallenge(), timeout = 60000, userVerification = "preferred", extensions, rpID } = options;
25591
25589
  let _challenge = challenge;
25592
25590
  if (typeof _challenge === "string") {
25593
25591
  _challenge = exports_isoUint8Array.fromUTF8String(_challenge);
25594
25592
  }
25595
25593
  return {
25596
- rpId: rpID2,
25594
+ rpId: rpID,
25597
25595
  challenge: exports_isoBase64URL.fromBuffer(_challenge),
25598
25596
  allowCredentials: allowCredentials?.map((cred) => {
25599
25597
  if (!exports_isoBase64URL.isBase64URL(cred.id)) {
@@ -25631,7 +25629,7 @@ async function verifyAuthenticationResponse(options) {
25631
25629
  throw new Error("Credential response clientDataJSON was not a string");
25632
25630
  }
25633
25631
  const clientDataJSON = decodeClientDataJSON(assertionResponse.clientDataJSON);
25634
- const { type, origin: origin2, challenge, tokenBinding } = clientDataJSON;
25632
+ const { type, origin, challenge, tokenBinding } = clientDataJSON;
25635
25633
  if (Array.isArray(expectedType)) {
25636
25634
  if (!expectedType.includes(type)) {
25637
25635
  const joinedExpectedType = expectedType.join(", ");
@@ -25652,13 +25650,13 @@ async function verifyAuthenticationResponse(options) {
25652
25650
  throw new Error(`Unexpected authentication response challenge "${challenge}", expected "${expectedChallenge}"`);
25653
25651
  }
25654
25652
  if (Array.isArray(expectedOrigin)) {
25655
- if (!expectedOrigin.includes(origin2)) {
25653
+ if (!expectedOrigin.includes(origin)) {
25656
25654
  const joinedExpectedOrigin = expectedOrigin.join(", ");
25657
- throw new Error(`Unexpected authentication response origin "${origin2}", expected one of: ${joinedExpectedOrigin}`);
25655
+ throw new Error(`Unexpected authentication response origin "${origin}", expected one of: ${joinedExpectedOrigin}`);
25658
25656
  }
25659
25657
  } else {
25660
- if (origin2 !== expectedOrigin) {
25661
- throw new Error(`Unexpected authentication response origin "${origin2}", expected "${expectedOrigin}"`);
25658
+ if (origin !== expectedOrigin) {
25659
+ throw new Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);
25662
25660
  }
25663
25661
  }
25664
25662
  if (!exports_isoBase64URL.isBase64URL(assertionResponse.authenticatorData)) {
@@ -25731,7 +25729,7 @@ async function verifyAuthenticationResponse(options) {
25731
25729
  }
25732
25730
 
25733
25731
  // src/auth/passkey.ts
25734
- var challenge = async (username) => {
25732
+ var challenge = async (username, rpID) => {
25735
25733
  const options = await generateRegistrationOptions({
25736
25734
  rpName,
25737
25735
  rpID,
@@ -25746,12 +25744,12 @@ var challenge = async (username) => {
25746
25744
  challenges.set(username, options.challenge);
25747
25745
  return options;
25748
25746
  };
25749
- var register = async (_username, response, expectedChallenge) => {
25747
+ var register = async (_username, response, expectedChallenge, expectedOrigin, expectedRPID) => {
25750
25748
  const verification = await verifyRegistrationResponse({
25751
25749
  response,
25752
25750
  expectedChallenge,
25753
- expectedOrigin: origin,
25754
- expectedRPID: rpID
25751
+ expectedOrigin,
25752
+ expectedRPID
25755
25753
  });
25756
25754
  if (!verification.verified || !verification.registrationInfo) {
25757
25755
  throw new Error("Verification failed");
@@ -25763,7 +25761,7 @@ var register = async (_username, response, expectedChallenge) => {
25763
25761
  counter: credential.counter
25764
25762
  };
25765
25763
  };
25766
- var discover = async () => {
25764
+ var discover = async (rpID) => {
25767
25765
  const result = await generateAuthenticationOptions({
25768
25766
  rpID,
25769
25767
  userVerification: "required"
@@ -25771,12 +25769,12 @@ var discover = async () => {
25771
25769
  challenges.set(result.challenge, result.challenge);
25772
25770
  return result;
25773
25771
  };
25774
- var authenticate = async (user, response, expectedChallenge) => {
25772
+ var authenticate = async (user, response, expectedChallenge, expectedOrigin, expectedRPID) => {
25775
25773
  const verification = await verifyAuthenticationResponse({
25776
25774
  response,
25777
25775
  expectedChallenge,
25778
- expectedOrigin: origin,
25779
- expectedRPID: rpID,
25776
+ expectedOrigin,
25777
+ expectedRPID,
25780
25778
  credential: {
25781
25779
  id: user.credential_id,
25782
25780
  publicKey: user.public_key,
@@ -26136,6 +26134,14 @@ Please change the parent <Route path="\${E}"> to <Route path="\${E==="/"?"*":\`\
26136
26134
 
26137
26135
  // src/dashboard/index.ts
26138
26136
  var SESSION_MAX_AGE = 30 * 24 * 60 * 60;
26137
+ var origin = (c) => {
26138
+ const url = new URL(c.req.url);
26139
+ return url.origin;
26140
+ };
26141
+ var hostname = (c) => {
26142
+ const url = new URL(c.req.url);
26143
+ return url.hostname;
26144
+ };
26139
26145
  var createDashboard = (basePath) => {
26140
26146
  const app = new Hono2().basePath(basePath);
26141
26147
  const auth = async (c, next) => {
@@ -26253,7 +26259,7 @@ var createDashboard = (basePath) => {
26253
26259
  if (!username?.trim()) {
26254
26260
  return c.json({ error: "Username required" }, 400);
26255
26261
  }
26256
- const options = await challenge(username);
26262
+ const options = await challenge(username, hostname(c));
26257
26263
  return c.json(options);
26258
26264
  });
26259
26265
  app.post("/api/auth/register/verify", async (c) => {
@@ -26267,7 +26273,7 @@ var createDashboard = (basePath) => {
26267
26273
  return c.json({ error: "Challenge expired" }, 400);
26268
26274
  }
26269
26275
  try {
26270
- const registration = await register(username, credential, challenge2);
26276
+ const registration = await register(username, credential, challenge2, origin(c), hostname(c));
26271
26277
  await create2({
26272
26278
  username,
26273
26279
  credential_id: registration.credential_id,
@@ -26294,7 +26300,7 @@ var createDashboard = (basePath) => {
26294
26300
  }
26295
26301
  });
26296
26302
  app.get("/api/auth/login", async (c) => {
26297
- const options = await discover();
26303
+ const options = await discover(hostname(c));
26298
26304
  return c.json(options);
26299
26305
  });
26300
26306
  app.post("/api/auth/login/verify", async (c) => {
@@ -26317,7 +26323,7 @@ var createDashboard = (basePath) => {
26317
26323
  return c.json({ error: "Challenge expired" }, 400);
26318
26324
  }
26319
26325
  try {
26320
- const auth2 = await authenticate(user, credential, challenge2 || foundChallenge);
26326
+ const auth2 = await authenticate(user, credential, challenge2 || foundChallenge, origin(c), hostname(c));
26321
26327
  await touch(user.username, auth2.counter);
26322
26328
  const token = create(user.username);
26323
26329
  setCookie(c, "session", token, {