
@auth/core


@auth/core - npm Package Compare versions

Comparing version 0.21.0 to 0.22.0

7

index.d.ts

@@ -273,3 +273,2 @@ /**

/**
*
* Use this option to enable experimental features.

@@ -281,3 +280,9 @@ * When enabled, it will print a warning message to the console.

experimental?: Record<string, boolean>;
/**
* The base path of the Auth.js API endpoints.
*
* @default "/auth"
*/
basePath?: string;
}
//# sourceMappingURL=index.d.ts.map

5

index.js

@@ -65,3 +65,3 @@ /**

setLogger(config.logger, config.debug);
const internalRequest = await toInternalRequest(request);
const internalRequest = await toInternalRequest(request, config);
if (internalRequest instanceof Error) {

@@ -123,4 +123,3 @@ logger.error(internalRequest);

const params = new URLSearchParams({ error: type });
const path = config.pages?.[page] ??
`${internalRequest.url.pathname}/${page.toLowerCase()}`;
const path = config.pages?.[page] ?? `${config.basePath}/${page.toLowerCase()}`;
const url = `${internalRequest.url.origin}${path}?${params}`;

@@ -127,0 +126,0 @@ if (isRedirect)
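Review bot: The error-redirect path built from `${config.basePath}/${page.toLowerCase()}` has no fallback of its own, so it is only well-formed because toInternalRequest has already written the `/auth` default into the caller's config object. If that default is moved, or this line is reached with basePath unset, the redirect target becomes `undefined/<page>`. Resolving the default once near the top of this function, for example `const basePath = config.basePath ?? "/auth"`, and using that local here would remove the hidden coupling. A basePath configured with a trailing slash would also produce a double slash in this URL. The same lines appear in the TypeScript source section further down the page, and the enclosing function starts and ends outside these hunks.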

@@ -37,3 +37,3 @@ import { UnknownAction } from "../errors.js";

case "signin":
return render.signin(error);
return render.signin(providerId, error);
case "signout":

@@ -40,0 +40,0 @@ return render.signout();

@@ -33,3 +33,3 @@ import type { InternalOptions, RequestInternal, ResponseInternal, InternalProvider, PublicProvider } from "../../types.js";

};
signin(error: any): ResponseInternal<any>;
signin(providerId?: string, error?: any): ResponseInternal<any>;
signout(): ResponseInternal<any>;

@@ -36,0 +36,0 @@ verifyRequest(props?: any): ResponseInternal<any>;

@@ -7,2 +7,3 @@ import { renderToString } from "preact-render-to-string";

import VerifyRequestPage from "./verify-request.js";
import { UnknownAction } from "../../errors.js";
function send({ html, title, status, cookies, theme }) {

@@ -48,3 +49,5 @@ return {

},
signin(error) {
signin(providerId, error) {
if (providerId)
throw new UnknownAction("Unsupported action");
if (pages?.signIn) {

@@ -51,0 +54,0 @@ let signinUrl = `${pages.signIn}${pages.signIn.includes("?") ? "&" : "?"}${new URLSearchParams({ callbackUrl: params.callbackUrl ?? "/" })}`;
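Review bot: Putting `providerId` ahead of `error` in `signin(providerId, error)` changes the meaning of the first positional argument, so any caller still using the old one-argument form `render.signin(error)` would have its error value treated as a provider id and hit the new `throw new UnknownAction("Unsupported action")`. Only the call in the routes switch is visibly updated on this page, so it is worth confirming there are no other callers. The guard would also read better with a comment saying why it exists, e.g. `// The sign-in page takes no provider segment; reject /signin/:provider here`. The same change is in the TypeScript source section lower down, and the function body continues outside the hunk.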

@@ -8,3 +8,4 @@ import { OAuthProfileParseError } from "../../errors.js";

export default function parseProviders(params) {
const { url, providerId, options } = params;
const { providerId, options } = params;
const url = new URL(options.basePath ?? "/auth", params.url.origin);
const providers = params.providers.map((p) => {

@@ -11,0 +12,0 @@ const provider = typeof p === "function" ? p() : p;
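Review bot: The `"/auth"` fallback in `new URL(options.basePath ?? "/auth", params.url.origin)` is a second hard-coded copy of the default that toInternalRequest also sets, with a third copy in the option's `@default` documentation. If one copy changes without the others, the URLs derived from this base would presumably point at a path that parseActionAndProviderId rejects. A single shared constant used in both places would keep them aligned. The base URL now takes only the origin from the request and ignores its pathname, so a deployment mounted anywhere other than `/auth` appears to need `basePath` set explicitly; that deserves a line in the option's documentation. The TypeScript source section for this file carries the same line.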

@@ -1,3 +0,3 @@

import type { RequestInternal, ResponseInternal } from "../../types.js";
export declare function toInternalRequest(req: Request): Promise<RequestInternal | Error>;
import type { AuthConfig, RequestInternal, ResponseInternal } from "../../types.js";
export declare function toInternalRequest(req: Request, config: AuthConfig): Promise<RequestInternal | Error>;
export declare function toRequest(request: RequestInternal): Request;

@@ -4,0 +4,0 @@ export declare function toResponse(res: ResponseInternal): Response;

@@ -25,24 +25,10 @@ import { parse as parseCookie, serialize } from "cookie";

];
export async function toInternalRequest(req) {
export async function toInternalRequest(req, config) {
try {
let originalUrl = new URL(req.url.replace(/\/$/, ""));
let url = new URL(originalUrl);
const pathname = url.pathname.replace(/\/$/, "");
const action = actions.find((a) => pathname.includes(a));
if (!action) {
throw new UnknownAction(`Cannot detect action in pathname (${pathname}).`);
}
// Remove anything after the basepath
const re = new RegExp(`/${action}.*`);
url = new URL(url.href.replace(re, ""));
if (req.method !== "GET" && req.method !== "POST") {
if (req.method !== "GET" && req.method !== "POST")
throw new UnknownAction("Only GET and POST requests are supported.");
}
const providerIdOrAction = pathname.split("/").pop();
let providerId;
if (providerIdOrAction &&
!action.includes(providerIdOrAction) &&
["signin", "callback"].includes(action)) {
providerId = providerIdOrAction;
}
// Defaults are usually set in the `init` function, but this is needed below
config.basePath ?? (config.basePath = "/auth");
const url = new URL(req.url);
const { action, providerId } = parseActionAndProviderId(url.pathname, config.basePath);
return {

@@ -56,4 +42,4 @@ url,

cookies: parseCookie(req.headers.get("cookie") ?? "") ?? {},
error: originalUrl.searchParams.get("error") ?? undefined,
query: Object.fromEntries(originalUrl.searchParams),
error: url.searchParams.get("error") ?? undefined,
query: Object.fromEntries(url.searchParams),
};

@@ -111,1 +97,20 @@ }

}
function isAction(action) {
return actions.includes(action);
}
/** @internal Parse the action and provider id from a URL pathname. */
export function parseActionAndProviderId(pathname, base) {
const a = pathname.split(base);
if (a.length !== 2 || a[0] !== "")
throw new UnknownAction(`Cannot parse action at ${pathname}`);
const [_, actionAndProviderId] = a;
const b = actionAndProviderId.replace(/^\//, "").split("/");
if (b.length !== 1 && b.length !== 2)
throw new UnknownAction(`Cannot parse action at ${pathname}`);
const [action, providerId] = b;
if (!isAction(action))
throw new UnknownAction(`Cannot parse action at ${pathname}`);
if (providerId && !["signin", "callback"].includes(action))
throw new UnknownAction(`Cannot parse action at ${pathname}`);
return { action, providerId };
}
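Review bot: `pathname.split(base)` in parseActionAndProviderId rejects any path in which the base string occurs a second time, because the length check requires exactly two pieces. With the default base `/auth`, a constructed example such as `/auth/callback/auth0` splits into three pieces and throws UnknownAction, so a provider whose id begins with the base name could not complete sign-in. The split also matches the base without a segment boundary, so `/authsignin` is parsed as the `signin` action. Anchoring on the prefix instead, `if (!pathname.startsWith(base + "/")) throw new UnknownAction(...)` followed by `const actionAndProviderId = pathname.slice(base.length)`, addresses both for a base without a trailing slash. The identical function appears in the TypeScript source section at the end of the page.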
{
"name": "@auth/core",
"version": "0.21.0",
"version": "0.22.0",
"description": "Authentication for the Web.",

@@ -5,0 +5,0 @@ "keywords": [

@@ -94,3 +94,3 @@ /**

const internalRequest = await toInternalRequest(request)
const internalRequest = await toInternalRequest(request, config)

@@ -174,4 +174,3 @@ if (internalRequest instanceof Error) {

const path =
config.pages?.[page] ??
`${internalRequest.url.pathname}/${page.toLowerCase()}`
config.pages?.[page] ?? `${config.basePath}/${page.toLowerCase()}`

@@ -417,3 +416,2 @@ const url = `${internalRequest.url.origin}${path}?${params}`

/**
*
* Use this option to enable experimental features.

@@ -425,2 +423,8 @@ * When enabled, it will print a warning message to the console.

experimental?: Record<string, boolean>
/**
* The base path of the Auth.js API endpoints.
*
* @default "/auth"
*/
basePath?: string
}

@@ -51,3 +51,3 @@ import { UnknownAction } from "../errors.js"

case "signin":
return render.signin(error)
return render.signin(providerId, error)
case "signout":

@@ -54,0 +54,0 @@ return render.signout()

@@ -9,3 +9,2 @@ import * as jwt from "../jwt.js"

import { logger, type LoggerInstance } from "./utils/logger.js"
import parseUrl from "./utils/parse-url.js"
import { merge } from "./utils/merge.js"

@@ -12,0 +11,0 @@

@@ -7,5 +7,5 @@ import { renderToString } from "preact-render-to-string"

import VerifyRequestPage from "./verify-request.js"
import { UnknownAction } from "../../errors.js"
import type {
ErrorPageParam,
InternalOptions,

@@ -76,3 +76,4 @@ RequestInternal,

},
signin(error: any) {
signin(providerId?: string, error?: any) {
if (providerId) throw new UnknownAction("Unsupported action")
if (pages?.signIn) {

@@ -79,0 +80,0 @@ let signinUrl = `${pages.signIn}${

@@ -28,3 +28,4 @@ import { OAuthProfileParseError } from "../../errors.js"

} {
const { url, providerId, options } = params
const { providerId, options } = params
const url = new URL(options.basePath ?? "/auth", params.url.origin)

@@ -31,0 +32,0 @@ const providers = params.providers.map((p) => {

@@ -6,2 +6,3 @@ import { parse as parseCookie, serialize } from "cookie"

AuthAction,
AuthConfig,
RequestInternal,

@@ -35,32 +36,19 @@ ResponseInternal,

export async function toInternalRequest(
req: Request
req: Request,
config: AuthConfig
): Promise<RequestInternal | Error> {
try {
let originalUrl = new URL(req.url.replace(/\/$/, ""))
let url = new URL(originalUrl)
const pathname = url.pathname.replace(/\/$/, "")
if (req.method !== "GET" && req.method !== "POST")
throw new UnknownAction("Only GET and POST requests are supported.")
const action = actions.find((a) => pathname.includes(a))
if (!action) {
throw new UnknownAction(`Cannot detect action in pathname (${pathname}).`)
}
// Defaults are usually set in the `init` function, but this is needed below
config.basePath ??= "/auth"
// Remove anything after the basepath
const re = new RegExp(`/${action}.*`)
url = new URL(url.href.replace(re, ""))
const url = new URL(req.url)
if (req.method !== "GET" && req.method !== "POST") {
throw new UnknownAction("Only GET and POST requests are supported.")
}
const { action, providerId } = parseActionAndProviderId(
url.pathname,
config.basePath
)
const providerIdOrAction = pathname.split("/").pop()
let providerId
if (
providerIdOrAction &&
!action.includes(providerIdOrAction) &&
["signin", "callback"].includes(action)
) {
providerId = providerIdOrAction
}
return {

@@ -74,4 +62,4 @@ url,

cookies: parseCookie(req.headers.get("cookie") ?? "") ?? {},
error: originalUrl.searchParams.get("error") ?? undefined,
query: Object.fromEntries(originalUrl.searchParams),
error: url.searchParams.get("error") ?? undefined,
query: Object.fromEntries(url.searchParams),
}

@@ -136,1 +124,36 @@ } catch (e) {

}
function isAction(action: string): action is AuthAction {
return actions.includes(action as AuthAction)
}
/** @internal Parse the action and provider id from a URL pathname. */
export function parseActionAndProviderId(
pathname: string,
base: string
): {
action: AuthAction
providerId?: string
} {
const a = pathname.split(base)
if (a.length !== 2 || a[0] !== "")
throw new UnknownAction(`Cannot parse action at ${pathname}`)
const [_, actionAndProviderId] = a
const b = actionAndProviderId.replace(/^\//, "").split("/")
if (b.length !== 1 && b.length !== 2)
throw new UnknownAction(`Cannot parse action at ${pathname}`)
const [action, providerId] = b
if (!isAction(action))
throw new UnknownAction(`Cannot parse action at ${pathname}`)
if (providerId && !["signin", "callback"].includes(action))
throw new UnknownAction(`Cannot parse action at ${pathname}`)
return { action, providerId }
}

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
