🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →

@mastra/auth

Advanced tools

License

Install Socket

Detect and block malicious and high-risk dependencies

Install

@mastra/auth - npm Package Compare versions

Comparing version

1.0.2

1.0.3-alpha.0

+9

-0

CHANGELOG.md

		# @mastra/auth

		## 1.0.3-alpha.0

		### Patch Changes

		- Security remediation for the 2026-06-17 "easy-day-js" supply-chain incident. Patch bump to publish clean versions and move the `latest` dist-tag forward, superseding the compromised versions that declared the malicious `easy-day-js` dependency. ([#18056](https://github.com/mastra-ai/mastra/pull/18056))

		- Updated dependencies [[`77a2351`](https://github.com/mastra-ai/mastra/commit/77a2351ee79296e360bce822cb3391f7cfd6489d)]:
		- @mastra/core@1.43.1-alpha.0

		## 1.0.2
		@@ -4,0 +13,0 @@

+1

-1

dist/docs/assets/SOURCE_MAP.json

		{
		"version": "1.0.2",
		"version": "1.0.3-alpha.0",
		"package": "@mastra/auth",
		@@ -4,0 +4,0 @@ "exports": {},

+3

-5

dist/docs/referenc...ocs-server-auth-custom-auth-provider.md

		@@ -1,2 +0,2 @@
		# Custom auth providers
		# Custom auth provider

		@@ -510,5 +510,3 @@ Custom auth providers allow you to implement authentication for identity systems that aren't covered by the built-in providers. Extend the `MastraAuthProvider` base class to integrate with any authentication system.

		- [Auth Overview](https://mastra.ai/docs/server/auth) - Authentication concepts and configuration
		- [JWT Auth](https://mastra.ai/docs/server/auth/jwt) - Simple JWT authentication
		- [Clerk Auth](https://mastra.ai/docs/server/auth/clerk) - Clerk integration
		- [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) - Controlling authentication on custom endpoints
		- [Auth Overview](https://mastra.ai/docs/server/auth): Authentication concepts and configuration
		- [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes): Controlling authentication on custom endpoints

+18

-14

dist/docs/references/docs-server-auth-jwt.md

		@@ -1,2 +0,2 @@
		# MastraJwtAuth class
		# JSON Web Token

		@@ -33,4 +33,18 @@ The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.

		## Creating a JWT

		To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.

		The easiest way to generate one is using [jwt.io](https://www.jwt.io/):

		1. Select JWT Encoder.
		2. Scroll down to the Sign JWT: Secret section.
		3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
		4. Click Generate example to create a valid JWT.
		5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.

		## Usage example

		Take your generated JWT and use it to configure `MastraJwtAuth` in your Mastra server:

		```typescript
		@@ -51,2 +65,4 @@ import { Mastra } from '@mastra/core'

		Inside [Studio](https://mastra.ai/docs/studio/overview), go to Settings and under Headers select the "Add Header" button. Enter `Authorization` as the header name and `Bearer <your-jwt>` as the value.

		## Configuring `MastraClient`
		@@ -100,14 +116,2 @@
		}'
		```

		## Creating a JWT

		To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.

		The easiest way to generate one is using [jwt.io](https://www.jwt.io/):

		1. Select JWT Encoder.
		2. Scroll down to the Sign JWT: Secret section.
		3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
		4. Click Generate example to create a valid JWT.
		5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.
		```

+10

-7

dist/docs/references/docs-server-auth.md

		# Auth overview

		Mastra lets you choose how you handle authentication, so you can secure access to your API and [Studio](https://mastra.ai/docs/getting-started/studio) using the identity system that fits your stack.
		Mastra lets you choose how you handle authentication, so you can secure access to your API and [Studio](https://mastra.ai/docs/studio/overview) using the identity system that fits your stack.

		You can start with basic shared secret JWT authentication and switch to providers like Supabase, Firebase Auth, Auth0, Clerk, or WorkOS when you need more advanced identity features.
		You can start with basic shared secret JWT authentication and switch to known providers when you need more advanced identity features.

		@@ -16,4 +16,6 @@ ## What auth secures

		See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for controlling authentication on custom endpoints.
		See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for controlling authentication on custom endpoints. Visit the [Studio Auth docs](https://mastra.ai/docs/studio/auth) for more on securing your Studio deployment.

		> Note: Authentication for Studio is currently supported by the following providers: Simple Auth, JWT, WorkOS, and Better Auth.

		## Available providers
		@@ -23,4 +25,4 @@

		- [Simple Auth](https://mastra.ai/docs/server/auth/simple-auth) - Token-to-user mapping for development and API keys
		- [JSON Web Token (JWT)](https://mastra.ai/docs/server/auth/jwt) - HMAC-signed JWT verification
		- [Simple Auth](https://mastra.ai/docs/server/auth/simple-auth): Token-to-user mapping for development and API keys
		- [JSON Web Token (JWT)](https://mastra.ai/docs/server/auth/jwt): HMAC-signed JWT verification

		@@ -33,2 +35,3 @@ ### Third-party integrations
		- [Firebase](https://mastra.ai/docs/server/auth/firebase)
		- [Okta](https://mastra.ai/docs/server/auth/okta)
		- [Supabase](https://mastra.ai/docs/server/auth/supabase)
		@@ -39,3 +42,3 @@ - [WorkOS](https://mastra.ai/docs/server/auth/workos)

		- [Composite Auth](https://mastra.ai/docs/server/auth/composite-auth) - Combine multiple auth providers
		- [Custom Auth Provider](https://mastra.ai/docs/server/auth/custom-auth-provider) - Build your own provider
		- [Composite Auth](https://mastra.ai/docs/server/auth/composite-auth): Combine multiple auth providers
		- [Custom Auth Provider](https://mastra.ai/docs/server/auth/custom-auth-provider): Build your own provider

+1

-1

dist/docs/references/reference-auth-jwt.md

		@@ -26,2 +26,2 @@ # MastraJwtAuth class

		[MastraJwtAuth](https://mastra.ai/docs/server/auth/jwt)
		- [JSON Web Token](https://mastra.ai/docs/server/auth/jwt)

+2

-2

dist/docs/SKILL.md

		@@ -6,3 +6,3 @@ ---
		package: "@mastra/auth"
		version: "1.0.2"
		version: "1.0.3-alpha.0"
		---
		@@ -22,3 +22,3 @@
		- [Custom auth provider](references/docs-server-auth-custom-auth-provider.md) - Create custom authentication providers for specialized identity systems
		- [MastraJwtAuth class](references/docs-server-auth-jwt.md) - Documentation for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens.
		- [JSON Web Token](references/docs-server-auth-jwt.md) - Documentation for JSON Web Token usage inside Mastra.

		@@ -25,0 +25,0 @@ ### Reference

+2

-156

dist/index.cjs

		@@ -5,2 +5,3 @@ 'use strict';
		var jwksClient = require('jwks-rsa');
		var server = require('@mastra/core/server');

		@@ -36,157 +37,2 @@ function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
		}

		// ../core/dist/chunk-X2WMFSPB.js
		var RegisteredLogger = {
		LLM: "LLM"};
		var LogLevel = {
		DEBUG: "debug",
		INFO: "info",
		WARN: "warn",
		ERROR: "error"};
		var MastraLogger = class {
		name;
		level;
		transports;
		constructor(options = {}) {
		this.name = options.name \|\| "Mastra";
		this.level = options.level \|\| LogLevel.ERROR;
		this.transports = new Map(Object.entries(options.transports \|\| {}));
		}
		getTransports() {
		return this.transports;
		}
		trackException(_error) {
		}
		async listLogs(transportId, params) {
		if (!transportId \|\| !this.transports.has(transportId)) {
		return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
		}
		return this.transports.get(transportId).listLogs(params) ?? {
		logs: [],
		total: 0,
		page: params?.page ?? 1,
		perPage: params?.perPage ?? 100,
		hasMore: false
		};
		}
		async listLogsByRunId({
		transportId,
		runId,
		fromDate,
		toDate,
		logLevel,
		filters,
		page,
		perPage
		}) {
		if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {
		return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
		}
		return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
		logs: [],
		total: 0,
		page: page ?? 1,
		perPage: perPage ?? 100,
		hasMore: false
		};
		}
		};
		var ConsoleLogger = class extends MastraLogger {
		constructor(options = {}) {
		super(options);
		}
		debug(message, ...args) {
		if (this.level === LogLevel.DEBUG) {
		console.info(message, ...args);
		}
		}
		info(message, ...args) {
		if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {
		console.info(message, ...args);
		}
		}
		warn(message, ...args) {
		if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {
		console.info(message, ...args);
		}
		}
		error(message, ...args) {
		if (this.level === LogLevel.ERROR \|\| this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {
		console.error(message, ...args);
		}
		}
		async listLogs(_transportId, _params) {
		return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
		}
		async listLogsByRunId(_args) {
		return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
		}
		};

		// ../core/dist/chunk-WCAFTXGK.js
		var MastraBase = class {
		component = RegisteredLogger.LLM;
		logger;
		name;
		#rawConfig;
		constructor({
		component,
		name,
		rawConfig
		}) {
		this.component = component \|\| RegisteredLogger.LLM;
		this.name = name;
		this.#rawConfig = rawConfig;
		this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
		}
		/**
		* Returns the raw storage configuration this primitive was created from,
		* or undefined if it was created from code.
		*/
		toRawConfig() {
		return this.#rawConfig;
		}
		/**
		* Sets the raw storage configuration for this primitive.
		* @internal
		*/
		__setRawConfig(rawConfig) {
		this.#rawConfig = rawConfig;
		}
		/**
		* Set the logger for the agent
		* @param logger
		*/
		__setLogger(logger) {
		this.logger = logger;
		if (this.component !== RegisteredLogger.LLM) {
		this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
		}
		}
		};

		// ../core/dist/server/index.js
		var MastraAuthProvider = class extends MastraBase {
		protected;
		public;
		constructor(options) {
		super({ component: "AUTH", name: options?.name });
		if (options?.authorizeUser) {
		this.authorizeUser = options.authorizeUser.bind(this);
		}
		this.protected = options?.protected;
		this.public = options?.public;
		}
		registerOptions(opts) {
		if (opts?.authorizeUser) {
		this.authorizeUser = opts.authorizeUser.bind(this);
		}
		if (opts?.protected) {
		this.protected = opts.protected;
		}
		if (opts?.public) {
		this.public = opts.public;
		}
		}
		};
		function str(value) {
		@@ -207,3 +53,3 @@ return typeof value === "string" ? value : void 0;
		}
		var MastraJwtAuth = class extends MastraAuthProvider {
		var MastraJwtAuth = class extends server.MastraAuthProvider {
		secret;
		@@ -210,0 +56,0 @@ mapUser;

+1

-1

dist/index.cjs.map

		@@ -1,1 +0,1 @@
		{"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt","jwksClient"],"mappings":";;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AC9CA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n /\n toRawConfig(): Record<string, unknown> \| undefined {\n return this.#rawConfig;\n }\n\n /\n Sets the raw storage configuration for this primitive.\n * @internal\n /\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}
		{"version":3,"sources":["../src/utils.ts","../src/jwt.ts"],"names":["jwt","jwksClient","MastraAuthProvider"],"mappings":";;;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;ACrBA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4BE,yBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOF,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}

+1

-155

dist/index.js

		import jwt from 'jsonwebtoken';
		import jwksClient from 'jwks-rsa';
		import { MastraAuthProvider } from '@mastra/core/server';

		@@ -28,157 +29,2 @@ // src/utils.ts
		}

		// ../core/dist/chunk-X2WMFSPB.js
		var RegisteredLogger = {
		LLM: "LLM"};
		var LogLevel = {
		DEBUG: "debug",
		INFO: "info",
		WARN: "warn",
		ERROR: "error"};
		var MastraLogger = class {
		name;
		level;
		transports;
		constructor(options = {}) {
		this.name = options.name \|\| "Mastra";
		this.level = options.level \|\| LogLevel.ERROR;
		this.transports = new Map(Object.entries(options.transports \|\| {}));
		}
		getTransports() {
		return this.transports;
		}
		trackException(_error) {
		}
		async listLogs(transportId, params) {
		if (!transportId \|\| !this.transports.has(transportId)) {
		return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
		}
		return this.transports.get(transportId).listLogs(params) ?? {
		logs: [],
		total: 0,
		page: params?.page ?? 1,
		perPage: params?.perPage ?? 100,
		hasMore: false
		};
		}
		async listLogsByRunId({
		transportId,
		runId,
		fromDate,
		toDate,
		logLevel,
		filters,
		page,
		perPage
		}) {
		if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {
		return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
		}
		return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
		logs: [],
		total: 0,
		page: page ?? 1,
		perPage: perPage ?? 100,
		hasMore: false
		};
		}
		};
		var ConsoleLogger = class extends MastraLogger {
		constructor(options = {}) {
		super(options);
		}
		debug(message, ...args) {
		if (this.level === LogLevel.DEBUG) {
		console.info(message, ...args);
		}
		}
		info(message, ...args) {
		if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {
		console.info(message, ...args);
		}
		}
		warn(message, ...args) {
		if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {
		console.info(message, ...args);
		}
		}
		error(message, ...args) {
		if (this.level === LogLevel.ERROR \|\| this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {
		console.error(message, ...args);
		}
		}
		async listLogs(_transportId, _params) {
		return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
		}
		async listLogsByRunId(_args) {
		return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
		}
		};

		// ../core/dist/chunk-WCAFTXGK.js
		var MastraBase = class {
		component = RegisteredLogger.LLM;
		logger;
		name;
		#rawConfig;
		constructor({
		component,
		name,
		rawConfig
		}) {
		this.component = component \|\| RegisteredLogger.LLM;
		this.name = name;
		this.#rawConfig = rawConfig;
		this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
		}
		/**
		* Returns the raw storage configuration this primitive was created from,
		* or undefined if it was created from code.
		*/
		toRawConfig() {
		return this.#rawConfig;
		}
		/**
		* Sets the raw storage configuration for this primitive.
		* @internal
		*/
		__setRawConfig(rawConfig) {
		this.#rawConfig = rawConfig;
		}
		/**
		* Set the logger for the agent
		* @param logger
		*/
		__setLogger(logger) {
		this.logger = logger;
		if (this.component !== RegisteredLogger.LLM) {
		this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
		}
		}
		};

		// ../core/dist/server/index.js
		var MastraAuthProvider = class extends MastraBase {
		protected;
		public;
		constructor(options) {
		super({ component: "AUTH", name: options?.name });
		if (options?.authorizeUser) {
		this.authorizeUser = options.authorizeUser.bind(this);
		}
		this.protected = options?.protected;
		this.public = options?.public;
		}
		registerOptions(opts) {
		if (opts?.authorizeUser) {
		this.authorizeUser = opts.authorizeUser.bind(this);
		}
		if (opts?.protected) {
		this.protected = opts.protected;
		}
		if (opts?.public) {
		this.public = opts.public;
		}
		}
		};
		function str(value) {
		@@ -185,0 +31,0 @@ return typeof value === "string" ? value : void 0;

+1

-1

dist/index.js.map

		@@ -1,1 +0,1 @@
		{"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AC9CA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n /\n toRawConfig(): Record<string, unknown> \| undefined {\n return this.#rawConfig;\n }\n\n /\n Sets the raw storage configuration for this primitive.\n * @internal\n /\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}
		{"version":3,"sources":["../src/utils.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;ACrBA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}

+14

-10

package.json

		{
		"name": "@mastra/auth",
		"version": "1.0.2",
		"version": "1.0.3-alpha.0",
		"description": "",
		@@ -33,12 +33,13 @@ "type": "module",
		"@types/jsonwebtoken": "^9.0.10",
		"@types/node": "22.19.15",
		"@vitest/coverage-v8": "4.0.18",
		"@vitest/ui": "4.0.18",
		"eslint": "^9.39.4",
		"@types/node": "22.19.21",
		"@vitest/coverage-v8": "4.1.8",
		"@vitest/ui": "4.1.8",
		"eslint": "^10.4.1",
		"tsup": "^8.5.1",
		"typescript": "^5.9.3",
		"vitest": "4.0.18",
		"@mastra/core": "1.14.0",
		"@internal/types-builder": "0.0.47",
		"@internal/lint": "0.0.72"
		"tsx": "^4.22.4",
		"typescript": "^6.0.3",
		"vitest": "4.1.8",
		"@internal/lint": "0.0.105",
		"@internal/types-builder": "0.0.80",
		"@mastra/core": "1.43.1-alpha.0"
		},
		@@ -57,2 +58,5 @@ "homepage": "https://mastra.ai",
		},
		"peerDependencies": {
		"@mastra/core": ">=1.32.0-0 <2.0.0-0"
		},
		"scripts": {
		@@ -59,0 +63,0 @@ "build:lib": "tsup --silent --config tsup.config.ts",

@mastra/auth - npm Package Compare versions

New alerts

Worsened metrics