UNPKG

authrix

Version:

Lightweight, flexible authentication library for Node.js and TypeScript.

2 lines 15.5 kB
'use strict';var chunk7XJHFHZC_cjs=require('./chunk-7XJHFHZC.cjs'),chunkKNJJ53V6_cjs=require('./chunk-KNJJ53V6.cjs'),chunk6RHTSQEI_cjs=require('./chunk-6RHTSQEI.cjs'),chunkU7X54YR4_cjs=require('./chunk-U7X54YR4.cjs'),chunk7WU7RGT7_cjs=require('./chunk-7WU7RGT7.cjs'),chunkVT33DMBK_cjs=require('./chunk-VT33DMBK.cjs'),chunk5J33RH7C_cjs=require('./chunk-5J33RH7C.cjs');require('./chunk-D6WM53FN.cjs');var l=class d{static base64URLEncode(e){let t=e instanceof Uint8Array?e:new Uint8Array(e),r="";for(let n=0;n<t.length;n++)r+=String.fromCharCode(t[n]);return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}static async generateChallenge(){let e=d.base64URLEncode(crypto.getRandomValues(new Uint8Array(32))),r=new TextEncoder().encode(e),n=await crypto.subtle.digest("SHA-256",r),i=d.base64URLEncode(n);return {verifier:e,challenge:i}}},g=class{constructor(e){this.pkceStore=new Map;this.validateConfig(e),this.config=this.normalizeConfig(e);}validateConfig(e){let r=["name","clientId","clientSecret","redirectUri","endpoints"].filter(n=>!e[n]);if(r.length>0)throw new Error(`Missing required OAuth configuration: ${r.join(", ")}`);if(!e.endpoints.authorization||!e.endpoints.token)throw new Error("Authorization and token endpoints are required");try{new URL(e.endpoints.authorization),new URL(e.endpoints.token),e.endpoints.userInfo&&new URL(e.endpoints.userInfo),e.endpoints.revoke&&new URL(e.endpoints.revoke);}catch{throw new Error("Invalid endpoint URL format")}}normalizeConfig(e){return {...e,scopes:e.scopes||["openid","profile","email"],authorizationParams:e.authorizationParams||{},tokenParams:e.tokenParams||{},userInfoHeaders:e.userInfoHeaders||{},state:e.state!==false,userProfileMapping:e.userProfileMapping||{id:"sub",email:"email",name:"name",avatar:"picture",emailVerified:"email_verified"}}}async getAuthorizationURL(e={}){let t=new URLSearchParams({client_id:this.config.clientId,redirect_uri:this.config.redirectUri,response_type:"code",scope:(e.scopes||this.config.scopes||[]).join(" "),...this.config.authorizationParams,...e.additionalParams});if(this.config.state){let r=e.state||this.generateState();t.set("state",r);}if(this.config.pkce){let{verifier:r,challenge:n}=await l.generateChallenge(),i=e.state||t.get("state")||this.generateState();this.pkceStore.set(i,r),t.set("code_challenge",n),t.set("code_challenge_method","S256"),t.has("state")||t.set("state",i);}return e.loginHint&&t.set("login_hint",e.loginHint),e.prompt&&t.set("prompt",e.prompt),e.accessType&&t.set("access_type",e.accessType),`${this.config.endpoints.authorization}?${t.toString()}`}async handleCallback(e,t={}){try{let r=await this.exchangeCodeForTokens(e,t.state),n={};if(r.id_token){let s=this.decodeJWT(r.id_token);s&&(n=s);}if(this.config.endpoints.userInfo&&r.access_token)try{let s=await this.fetchUserInfo(r.access_token);n={...n,...s};}catch(s){if(!r.id_token)throw s}if(!n||Object.keys(n).length===0)throw new Error("No user profile data available");let i=this.mapUserProfile(n);if(!t.skipEmailVerification&&i.emailVerified===!1)throw new Error("Email address is not verified");t.includeRawResponse&&(i.raw=n);let o={user:i};return t.includeTokens&&(o.tokens={access:r.access_token,refresh:r.refresh_token,idToken:r.id_token,expiresIn:r.expires_in,tokenType:r.token_type}),this.config.pkce&&t.state&&this.pkceStore.delete(t.state),o}catch(r){throw this.config.pkce&&t.state&&this.pkceStore.delete(t.state),r instanceof Error?new Error(`${this.config.name} authentication failed: ${r.message}`):new Error(`An unexpected error occurred during ${this.config.name} authentication`)}}async exchangeCodeForTokens(e,t){let r=new URLSearchParams({code:e,client_id:this.config.clientId,client_secret:this.config.clientSecret,redirect_uri:this.config.redirectUri,grant_type:"authorization_code",...this.config.tokenParams});if(this.config.pkce&&t){let a=this.pkceStore.get(t);if(a)r.set("code_verifier",a);else throw new Error("PKCE verifier not found for state")}let n=await fetch(this.config.endpoints.token,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:r.toString()});if(!n.ok){let a=await n.text();throw new Error(`Token exchange failed: ${n.status} - ${a}`)}let i=n.headers.get("content-type");if(i&&i.includes("application/json"))return await n.json();let o=await n.text(),s={};return new URLSearchParams(o).forEach((a,h)=>{s[h]=a;}),s}async fetchUserInfo(e){if(!this.config.endpoints.userInfo)return null;let t={Authorization:`Bearer ${e}`,Accept:"application/json",...this.config.userInfoHeaders},r=await fetch(this.config.endpoints.userInfo,{headers:t});if(!r.ok)throw new Error(`Failed to fetch user info: ${r.status}`);return await r.json()}mapUserProfile(e){let t=this.config.userProfileMapping,r=(i,o)=>{if(!i)return o;if(typeof i=="function")try{return i(e)||o}catch{return o}let s=i.split("."),c=e;for(let a of s)if(c=c?.[a],c===void 0)return o;return c||o},n={id:r(t.id,""),email:r(t.email,""),name:r(t.name),avatar:r(t.avatar),provider:this.config.name,emailVerified:r(t.emailVerified)};if(t.metadata){n.metadata={};for(let[i,o]of Object.entries(t.metadata)){let s=r(o);s!==void 0&&(n.metadata[i]=s);}}return n}async revokeTokens(e,t="access_token"){if(!this.config.endpoints.revoke)return false;try{let r=new URLSearchParams({token:e,token_type_hint:t,client_id:this.config.clientId,client_secret:this.config.clientSecret});return (await fetch(this.config.endpoints.revoke,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:r.toString()})).ok}catch{return false}}async refreshAccessToken(e){let t=new URLSearchParams({refresh_token:e,client_id:this.config.clientId,client_secret:this.config.clientSecret,grant_type:"refresh_token"}),r=await fetch(this.config.endpoints.token,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:t.toString()});if(!r.ok){let n=await r.text();throw new Error(`Token refresh failed: ${r.status} - ${n}`)}return await r.json()}async validateIdToken(e){try{let t=this.decodeJWT(e);if(!t)return null;let r=Math.floor(Date.now()/1e3);return t.exp&&t.exp<r||t.aud&&t.aud!==this.config.clientId?null:t}catch{return null}}decodeJWT(e){try{let t=e.split(".");if(t.length!==3)return null;let r=t[1],n=r+"=".repeat((4-r.length%4)%4),i=atob(n.replace(/-/g,"+").replace(/_/g,"/"));return JSON.parse(i)}catch{return null}}generateState(e){let t=crypto.getRandomValues(new Uint8Array(32)),r=Array.from(t,n=>n.toString(16).padStart(2,"0")).join("");if(e){let n=JSON.stringify(e),i=btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"");return `${r}.${i}`}return r}parseState(e){let t=e.split(".");if(t.length===1)return {token:t[0]};try{let r=t[1],n=r+"=".repeat((4-r.length%4)%4),i=atob(n.replace(/-/g,"+").replace(/_/g,"/")),o=JSON.parse(i);return {token:t[0],data:o}}catch{return {token:t[0]}}}getConfig(){return {...this.config}}updateConfig(e){let{name:t,endpoints:r,...n}=e;if(t||r)throw new Error("Cannot update provider name or endpoints after initialization");this.config={...this.config,...n};}clearPKCEStore(){this.pkceStore.clear();}},f=class{constructor(){this.providers=new Map;}register(e){if(this.providers.has(e.name))throw new Error(`Provider "${e.name}" is already registered`);let t=new g(e);return this.providers.set(e.name,t),t}get(e){return this.providers.get(e)}remove(e){let t=this.providers.get(e);return t&&t.clearPKCEStore(),this.providers.delete(e)}list(){return Array.from(this.providers.keys())}has(e){return this.providers.has(e)}clear(){this.providers.forEach(e=>e.clearPKCEStore()),this.providers.clear();}},Oe=new f; Object.defineProperty(exports,"checkGitHubOrgMembership",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.f}});Object.defineProperty(exports,"getGitHubOAuthURL",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.a}});Object.defineProperty(exports,"getGitHubRateLimit",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.j}});Object.defineProperty(exports,"getGitHubUserOrganizations",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.e}});Object.defineProperty(exports,"handleGitHubCallback",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.b}});Object.defineProperty(exports,"resetGitHubOAuthConfig",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.i}});Object.defineProperty(exports,"revokeGitHubToken",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.c}});Object.defineProperty(exports,"validateGitHubToken",{enumerable:true,get:function(){return chunk7XJHFHZC_cjs.d}});Object.defineProperty(exports,"generateOAuthState",{enumerable:true,get:function(){return chunkKNJJ53V6_cjs.e}});Object.defineProperty(exports,"getGoogleOAuthURL",{enumerable:true,get:function(){return chunkKNJJ53V6_cjs.a}});Object.defineProperty(exports,"handleGoogleCallback",{enumerable:true,get:function(){return chunkKNJJ53V6_cjs.b}});Object.defineProperty(exports,"parseOAuthState",{enumerable:true,get:function(){return chunkKNJJ53V6_cjs.f}});Object.defineProperty(exports,"resetGoogleOAuthConfig",{enumerable:true,get:function(){return chunkKNJJ53V6_cjs.g}});Object.defineProperty(exports,"revokeGoogleTokens",{enumerable:true,get:function(){return chunkKNJJ53V6_cjs.c}});Object.defineProperty(exports,"validateGoogleIdToken",{enumerable:true,get:function(){return chunkKNJJ53V6_cjs.d}});Object.defineProperty(exports,"generateAppleNonce",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.h}});Object.defineProperty(exports,"generateAppleOAuthState",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.f}});Object.defineProperty(exports,"getAppleOAuthURL",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.a}});Object.defineProperty(exports,"handleAppleCallback",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.b}});Object.defineProperty(exports,"parseAppleOAuthState",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.g}});Object.defineProperty(exports,"refreshAppleAccessToken",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.d}});Object.defineProperty(exports,"resetAppleOAuthConfig",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.i}});Object.defineProperty(exports,"revokeAppleTokens",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.c}});Object.defineProperty(exports,"signWithES256",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.j}});Object.defineProperty(exports,"validateAppleIdToken",{enumerable:true,get:function(){return chunk6RHTSQEI_cjs.e}});Object.defineProperty(exports,"DiscordPermissions",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.a}});Object.defineProperty(exports,"calculatePermissions",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.n}});Object.defineProperty(exports,"checkGuildMembership",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.g}});Object.defineProperty(exports,"getDiscordBotInviteURL",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.j}});Object.defineProperty(exports,"getDiscordOAuthURL",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.b}});Object.defineProperty(exports,"getDiscordUserById",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.f}});Object.defineProperty(exports,"getGuildMemberRoles",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.h}});Object.defineProperty(exports,"handleDiscordCallback",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.c}});Object.defineProperty(exports,"refreshDiscordToken",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.d}});Object.defineProperty(exports,"resetDiscordOAuthConfig",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.m}});Object.defineProperty(exports,"revokeDiscordToken",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.e}});Object.defineProperty(exports,"validateDiscordToken",{enumerable:true,get:function(){return chunkU7X54YR4_cjs.i}});Object.defineProperty(exports,"debugFacebookToken",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.d}});Object.defineProperty(exports,"deleteFacebookUserData",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.l}});Object.defineProperty(exports,"exchangeForLongLivedToken",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.c}});Object.defineProperty(exports,"getFacebookAppAccessToken",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.i}});Object.defineProperty(exports,"getFacebookLoginStatusURL",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.n}});Object.defineProperty(exports,"getFacebookOAuthURL",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.a}});Object.defineProperty(exports,"getFacebookUserById",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.g}});Object.defineProperty(exports,"getFacebookUserPermissions",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.e}});Object.defineProperty(exports,"handleFacebookCallback",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.b}});Object.defineProperty(exports,"resetFacebookOAuthConfig",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.m}});Object.defineProperty(exports,"revokeFacebookPermission",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.f}});Object.defineProperty(exports,"validateFacebookToken",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.h}});Object.defineProperty(exports,"verifyFacebookWebhookSignature",{enumerable:true,get:function(){return chunk7WU7RGT7_cjs.o}});Object.defineProperty(exports,"generateLinkedInOAuthState",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.g}});Object.defineProperty(exports,"getLinkedInOAuthURL",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.a}});Object.defineProperty(exports,"handleLinkedInCallback",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.b}});Object.defineProperty(exports,"introspectLinkedInToken",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.d}});Object.defineProperty(exports,"parseLinkedInOAuthState",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.h}});Object.defineProperty(exports,"refreshLinkedInAccessToken",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.e}});Object.defineProperty(exports,"resetLinkedInOAuthConfig",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.i}});Object.defineProperty(exports,"revokeLinkedInTokens",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.c}});Object.defineProperty(exports,"validateLinkedInIdToken",{enumerable:true,get:function(){return chunkVT33DMBK_cjs.f}});Object.defineProperty(exports,"PKCEUtils",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.a}});Object.defineProperty(exports,"cleanupPKCEStorage",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.j}});Object.defineProperty(exports,"getXOAuthURL",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.b}});Object.defineProperty(exports,"getXUserById",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.f}});Object.defineProperty(exports,"handleXCallback",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.c}});Object.defineProperty(exports,"refreshXToken",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.d}});Object.defineProperty(exports,"resetXOAuthConfig",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.k}});Object.defineProperty(exports,"revokeXToken",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.e}});Object.defineProperty(exports,"validateXToken",{enumerable:true,get:function(){return chunk5J33RH7C_cjs.g}});exports.CustomOAuthProvider=g;exports.OAuthProviderManager=f;exports.oAuthManager=Oe;