trustline 0.0.1 → 0.1.0

package/dist/frameworks/hono/index.js

@@ -0,0 +1,79 @@
+import {
+  AuthError
+} from "../../chunk-GF3NKEEK.js";
+
+// src/frameworks/hono/index.ts
+import { Hono } from "hono";
+import { createMiddleware } from "hono/factory";
+function createHonoProvider(provider) {
+  const app = new Hono();
+  app.get(
+    "/.well-known/jwks.json",
+    async (context) => provider.handle(
+      new Request(context.req.raw.url, {
+        method: "GET",
+        headers: context.req.raw.headers
+      })
+    )
+  );
+  app.post(
+    "/token",
+    async (context) => provider.handle(
+      new Request(context.req.raw.url, {
+        method: "POST",
+        headers: context.req.raw.headers,
+        body: context.req.raw.body
+      })
+    )
+  );
+  return app;
+}
+function createHonoGuard(guard) {
+  return createMiddleware(async (context, next) => {
+    const header = context.req.header("authorization");
+    const token = getBearerToken(header);
+    if (!token) {
+      return context.json(
+        {
+          error: "missing_token",
+          message: "Missing bearer token"
+        },
+        401
+      );
+    }
+    try {
+      const identity = await guard.verify(token);
+      context.set("trustline", identity);
+      await next();
+    } catch (error) {
+      const authError = error instanceof AuthError ? error : new AuthError(
+        "invalid_token",
+        "Token verification failed",
+        401,
+        error
+      );
+      return context.json(
+        {
+          error: authError.code,
+          message: authError.message
+        },
+        authError.status
+      );
+    }
+  });
+}
+function getBearerToken(header) {
+  if (!header) {
+    return null;
+  }
+  const [scheme, token] = header.split(/\s+/, 2);
+  if (scheme?.toLowerCase() !== "bearer" || !token) {
+    return null;
+  }
+  return token;
+}
+export {
+  createHonoGuard,
+  createHonoProvider
+};
+//# sourceMappingURL=index.js.map

package/dist/frameworks/hono/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/frameworks/hono/index.ts"],"sourcesContent":["import { Hono } from \"hono\";\nimport { createMiddleware } from \"hono/factory\";\n\nimport { AuthError } from \"../../core/errors\";\nimport type { ServiceIdentity } from \"../../core/token\";\nimport type { Provider } from \"../../provider\";\n\nexport interface GuardVerifier {\n  verify(token: string): Promise<ServiceIdentity>;\n}\n\nexport function createHonoProvider(provider: Provider): Hono {\n  const app = new Hono();\n\n  app.get(\"/.well-known/jwks.json\", async (context) =>\n    provider.handle(\n      new Request(context.req.raw.url, {\n        method: \"GET\",\n        headers: context.req.raw.headers,\n      }),\n    ),\n  );\n\n  app.post(\"/token\", async (context) =>\n    provider.handle(\n      new Request(context.req.raw.url, {\n        method: \"POST\",\n        headers: context.req.raw.headers,\n        body: context.req.raw.body,\n      }),\n    ),\n  );\n\n  return app;\n}\n\nexport function createHonoGuard(guard: GuardVerifier) {\n  return createMiddleware(async (context, next) => {\n    const header = context.req.header(\"authorization\");\n    const token = getBearerToken(header);\n\n    if (!token) {\n      return context.json(\n        {\n          error: \"missing_token\",\n          message: \"Missing bearer token\",\n        },\n        401,\n      );\n    }\n\n    try {\n      const identity = await guard.verify(token);\n      context.set(\"trustline\", identity);\n      await next();\n    } catch (error) {\n      const authError =\n        error instanceof AuthError\n          ? error\n          : new AuthError(\n              \"invalid_token\",\n              \"Token verification failed\",\n              401,\n              error,\n            );\n      return context.json(\n        {\n          error: authError.code,\n          message: authError.message,\n        },\n        authError.status as 401 | 403,\n      );\n    }\n  });\n}\n\nfunction getBearerToken(header: string | undefined): string | null {\n  if (!header) {\n    return null;\n  }\n\n  const [scheme, token] = header.split(/\\s+/, 2);\n  if (scheme?.toLowerCase() !== \"bearer\" || !token) {\n    return null;\n  }\n\n  return token;\n}\n"],"mappings":";;;;;AAAA,SAAS,YAAY;AACrB,SAAS,wBAAwB;AAU1B,SAAS,mBAAmB,UAA0B;AAC3D,QAAM,MAAM,IAAI,KAAK;AAErB,MAAI;AAAA,IAAI;AAAA,IAA0B,OAAO,YACvC,SAAS;AAAA,MACP,IAAI,QAAQ,QAAQ,IAAI,IAAI,KAAK;AAAA,QAC/B,QAAQ;AAAA,QACR,SAAS,QAAQ,IAAI,IAAI;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI;AAAA,IAAK;AAAA,IAAU,OAAO,YACxB,SAAS;AAAA,MACP,IAAI,QAAQ,QAAQ,IAAI,IAAI,KAAK;AAAA,QAC/B,QAAQ;AAAA,QACR,SAAS,QAAQ,IAAI,IAAI;AAAA,QACzB,MAAM,QAAQ,IAAI,IAAI;AAAA,MACxB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,gBAAgB,OAAsB;AACpD,SAAO,iBAAiB,OAAO,SAAS,SAAS;AAC/C,UAAM,SAAS,QAAQ,IAAI,OAAO,eAAe;AACjD,UAAM,QAAQ,eAAe,MAAM;AAEnC,QAAI,CAAC,OAAO;AACV,aAAO,QAAQ;AAAA,QACb;AAAA,UACE,OAAO;AAAA,UACP,SAAS;AAAA,QACX;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAEA,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,OAAO,KAAK;AACzC,cAAQ,IAAI,aAAa,QAAQ;AACjC,YAAM,KAAK;AAAA,IACb,SAAS,OAAO;AACd,YAAM,YACJ,iBAAiB,YACb,QACA,IAAI;AAAA,QACF;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACN,aAAO,QAAQ;AAAA,QACb;AAAA,UACE,OAAO,UAAU;AAAA,UACjB,SAAS,UAAU;AAAA,QACrB;AAAA,QACA,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEA,SAAS,eAAe,QAA2C;AACjE,MAAI,CAAC,QAAQ;AACX,WAAO;AAAA,EACT;AAEA,QAAM,CAAC,QAAQ,KAAK,IAAI,OAAO,MAAM,OAAO,CAAC;AAC7C,MAAI,QAAQ,YAAY,MAAM,YAAY,CAAC,OAAO;AAChD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;","names":[]}

package/dist/index-Dc4GFume.d.ts

@@ -0,0 +1,34 @@
+import { b as ServiceClient, a as StorageAdapter, d as SigningAlgorithm } from './interface-BzT_DC3u.js';
+
+interface ProviderOptions {
+    issuer: string;
+    storage: StorageAdapter;
+    signing?: {
+        algorithm?: SigningAlgorithm;
+        privateKey?: string;
+        keyId?: string;
+    };
+    token?: {
+        ttl?: number;
+    };
+    env?: string;
+}
+interface CreateProviderClientInput {
+    name: string;
+    scopes?: string[];
+}
+interface CreatedProviderClient {
+    clientId: string;
+    clientSecret: string;
+}
+interface Provider {
+    handle(request: Request): Promise<Response>;
+    clients: {
+        create(input: CreateProviderClientInput): Promise<CreatedProviderClient>;
+        list(): Promise<ServiceClient[]>;
+        revoke(clientId: string): Promise<void>;
+    };
+}
+declare function createProvider(options: ProviderOptions): Provider;
+
+export { type CreateProviderClientInput as C, type Provider as P, type CreatedProviderClient as a, type ProviderOptions as b, createProvider as c };

package/dist/index-DqkKZOlH.d.cts

@@ -0,0 +1,34 @@
+import { b as ServiceClient, a as StorageAdapter, d as SigningAlgorithm } from './interface-BzT_DC3u.cjs';
+
+interface ProviderOptions {
+    issuer: string;
+    storage: StorageAdapter;
+    signing?: {
+        algorithm?: SigningAlgorithm;
+        privateKey?: string;
+        keyId?: string;
+    };
+    token?: {
+        ttl?: number;
+    };
+    env?: string;
+}
+interface CreateProviderClientInput {
+    name: string;
+    scopes?: string[];
+}
+interface CreatedProviderClient {
+    clientId: string;
+    clientSecret: string;
+}
+interface Provider {
+    handle(request: Request): Promise<Response>;
+    clients: {
+        create(input: CreateProviderClientInput): Promise<CreatedProviderClient>;
+        list(): Promise<ServiceClient[]>;
+        revoke(clientId: string): Promise<void>;
+    };
+}
+declare function createProvider(options: ProviderOptions): Provider;
+
+export { type CreateProviderClientInput as C, type Provider as P, type CreatedProviderClient as a, type ProviderOptions as b, createProvider as c };