Merge branch 'main' into feat/auth-request-response

* fix: docs build

* chore: move next-auth output to dist

* chore: add next-auth as deps for doc

* Revert "chore: move next-auth output to dist"

This reverts commit 9596a9134e6de4f4bd8dcfaa6d3002e98863d8f8.

* remove dist prefix

.prettierrc.js

@@ -9,6 +9,7 @@ module.exports = {
       files: [
         "apps/dev/pages/api/auth/[...nextauth].ts",
         "docs/{sidebars,docusaurus.config}.js",
+        "packages/core/src/index.ts",
       ],
       options: { printWidth: 150 },
     },

apps/dev/nextjs/pages/api/examples/session.js

@@ -1,8 +0,0 @@
-// This is an example of how to access a session from an API route
-import { unstable_getServerSession } from "next-auth/next"
-import { authOptions } from "../auth/[...nextauth]"
-
-export default async (req, res) => {
-  const session = await unstable_getServerSession(req, res, authOptions)
-  res.json(session)
-}

apps/dev/nextjs/pages/api/examples/session.ts

@@ -0,0 +1,21 @@
+import { Auth, SessionRequest } from "@auth/core"
+import { authConfig } from "../auth/[...nextauth]"
+
+export default async function handle(req: Request) {
+  authConfig.secret = process.env.AUTH_SECRET
+
+  const response = await Auth(new SessionRequest(req), authConfig)
+  const session = await response.session()
+  if (!session) {
+    return new Response("Not authenticated", { status: 401 })
+  }
+
+  console.log(session.user) // Do something with the session
+  // Pass the original headers to set cookies (eg.: updating the session expiry)
+  response.headers.set("content-type", "text/plain")
+  return new Response("Authenticated", { headers: response.headers })
+}
+
+export const config = {
+  runtime: "experimental-edge",
+}

docs/docs/reference/06-adapters/dynamodb.md

@@ -3,7 +3,7 @@ id: dynamodb
 title: DynamoDB
 ---
 
-This is the AWS DynamoDB Adapter for next-auth. This package can only be used in conjunction with the primary next-auth package. It is not a standalone package.
+This is the AWS DynamoDB Adapter for `next-auth`. This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
 
 By default, the adapter expects a table with a partition key `pk` and a sort key `sk`, as well as a global secondary index named `GSI1` with `GSI1PK` as partition key and `GSI1SK` as sorting key. To automatically delete sessions and verification requests after they expire using [dynamodb TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html) you should [enable the TTL](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-how-to.html) with attribute name 'expires'. You can set whatever you want as the table name and the billing method.
 
@@ -11,10 +11,10 @@ You can find the full schema in the table structure section below.
 
 ## Getting Started
 
-1. Install `next-auth` and `@next-auth/dynamodb-adapter`
+1. Install `next-auth`, `@next-auth/dynamodb-adapter`, `@aws-sdk/client-dynamodb` and `@aws-sdk/lib-dynamodb`
 
-```bash npm2yarn
-npm install next-auth @next-auth/dynamodb-adapter
+```bash npm2yarn2pnpm
+npm install next-auth @next-auth/dynamodb-adapter @aws-sdk/client-dynamodb @aws-sdk/lib-dynamodb
 ```
 
 2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
@@ -23,7 +23,7 @@ You need to pass `DynamoDBDocument` client from the modular [`aws-sdk`](https://
 The default table name is `next-auth`, but you can customise that by passing `{ tableName: 'your-table-name' }` as the second parameter in the adapter.
 
 ```javascript title="pages/api/auth/[...nextauth].js"
-import { DynamoDB } from "@aws-sdk/client-dynamodb"
+import { DynamoDB, DynamoDBClientConfig } from "@aws-sdk/client-dynamodb"
 import { DynamoDBDocument } from "@aws-sdk/lib-dynamodb"
 import NextAuth from "next-auth";
 import Providers from "next-auth/providers";
@@ -73,7 +73,7 @@ The table respects the single table design pattern. This has many advantages:
 
 - Only one table to manage, monitor and provision.
 - Querying relations is faster than with multi-table schemas (for eg. retrieving all sessions for a user).
-- Only one table needs to be replicated, if you want to go multi-region.
+- Only one table needs to be replicated if you want to go multi-region.
 
 > This schema is adapted for use in DynamoDB and based upon our main [schema](/reference/adapters/models)
 
@@ -94,7 +94,7 @@ new dynamodb.Table(this, `NextAuthTable`, {
 })
 ```
 
-Alternatively you can use this cloudformation template:
+Alternatively, you can use this cloudformation template:
 
 ```yaml title=cloudformation.yaml
 NextAuthTable:

docs/package.json

@@ -22,6 +22,7 @@
     "classnames": "^2.3.2",
     "mdx-mermaid": "1.2.2",
     "mermaid": "9.0.1",
+    "next-auth": "workspace:*",
     "prism-react-renderer": "1.3.5",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",

docs/src/css/index.css

@@ -293,6 +293,6 @@ html[data-theme="dark"] #carbonads .carbon-poweredby {
  See: https://github.com/TypeStrong/typedoc/issues/2006
 */
 /* h3.anchor + p:has(code, strong), */ /** hack did not work as it hides property types elsewhere */
-#classes {
+/* #classes {
   display: none;
-}
+} */

package.json

@@ -5,6 +5,7 @@
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "scripts": {
     "build:app": "turbo run build --filter=next-auth-app",
+    "build:docs": "turbo run build --filter=docs",
     "build": "turbo run build --filter=next-auth --filter=@next-auth/* --filter=@auth/* --no-deps",
     "test": "turbo run test --concurrency=1 --filter=[HEAD^1] --filter=./packages/* --filter=!*pouchdb-* --filter=!@*upstash* --filter=!*dynamodb-*",
     "clean": "turbo run clean --no-cache",

packages/adapter-dynamodb/package.json

@@ -31,6 +31,7 @@
   "author": "Pol Marnette",
   "license": "ISC",
   "peerDependencies": {
+    "@aws-sdk/client-dynamodb": "^3.36.1",
     "@aws-sdk/lib-dynamodb": "^3.36.1",
     "next-auth": "^4"
   },

packages/core/package.json

@@ -20,7 +20,7 @@
     "Balázs Orbán <info@balazsorban.com>",
     "Nico Domino <yo@ndo.dev>",
     "Lluis Agusti <hi@llu.lu>",
-    "Thang Huu Vu <thvu@hey.com>",
+    "Thang Huu Vu <hi@thvu.dev>",
     "Iain Collins <me@iaincollins.com"
   ],
   "type": "module",

packages/core/src/index.ts

@@ -40,17 +40,17 @@ import { logger, setLogger, type LoggerInstance } from "./lib/utils/logger.js"
 import { toInternalRequest, toResponse } from "./lib/web.js"
 
 import type { Adapter } from "./adapters.js"
-import type {
-  CallbacksOptions,
-  CookiesOptions,
-  EventCallbacks,
-  PagesOptions,
-  SessionOptions,
-  Theme,
-} from "./types.js"
+import type { CallbacksOptions, CookiesOptions, EventCallbacks, PagesOptions, SessionOptions, Theme } from "./types.js"
 import type { Provider } from "./providers/index.js"
 import { JWTOptions } from "./jwt.js"
+import { ProvidersRequest, ProvidersResponse, SessionRequest, SessionResponse } from "./lib/web-extension.js"
 
+export * from "./lib/web-extension.js"
+
+/** Returns a special {@link SessionResponse} instance to read the session from the request. */
+export function Auth(request: SessionRequest, config: AuthConfig): Promise<SessionResponse>
+/** Returns a special {@link ProvidersResponse} instance to read the list of providers in a client-safe way. */
+export function Auth(request: ProvidersRequest, config: AuthConfig): Promise<ProvidersResponse>
 /**
  * Core functionality provided by Auth.js.
  *
@@ -69,19 +69,18 @@ import { JWTOptions } from "./jwt.js"
  *```
  * @see [Documentation](https://authjs.dev)
  */
-export async function Auth(
-  request: Request,
-  config: AuthConfig
-): Promise<Response> {
+export function Auth(request: Request, config: AuthConfig): Promise<Response>
+export async function Auth(request: Request, config: AuthConfig): Promise<Response> {
   setLogger(config.logger, config.debug)
 
+  const isAuthRequest = request instanceof SessionRequest || request instanceof ProvidersRequest
+
+  if (isAuthRequest) config.trustHost = true
+
   const internalRequest = await toInternalRequest(request)
   if (internalRequest instanceof Error) {
     logger.error(internalRequest)
-    return new Response(
-      `Error: This action with HTTP ${request.method} is not supported.`,
-      { status: 400 }
-    )
+    return new Response(`Error: This action with HTTP ${request.method} is not supported.`, { status: 400 })
   }
 
   const assertionResult = assertConfig(internalRequest, config)
@@ -92,14 +91,10 @@ export async function Auth(
     // Bail out early if there's an error in the user config
     logger.error(assertionResult)
     const htmlPages = ["signin", "signout", "error", "verify-request"]
-    if (
-      !htmlPages.includes(internalRequest.action) ||
-      internalRequest.method !== "GET"
-    ) {
+    if (!htmlPages.includes(internalRequest.action) || internalRequest.method !== "GET") {
       return new Response(
         JSON.stringify({
-          message:
-            "There was a problem with the server configuration. Check the server logs for more information.",
+          message: "There was a problem with the server configuration. Check the server logs for more information.",
           code: assertionResult.name,
         }),
         { status: 500, headers: { "Content-Type": "application/json" } }
@@ -108,19 +103,11 @@ export async function Auth(
 
     const { pages, theme } = config
 
-    const authOnErrorPage =
-      pages?.error &&
-      internalRequest.url.searchParams
-        .get("callbackUrl")
-        ?.startsWith(pages.error)
+    const authOnErrorPage = pages?.error && internalRequest.url.searchParams.get("callbackUrl")?.startsWith(pages.error)
 
     if (!pages?.error || authOnErrorPage) {
       if (authOnErrorPage) {
-        logger.error(
-          new ErrorPageLoop(
-            `The error page ${pages?.error} should not require authentication`
-          )
-        )
+        logger.error(new ErrorPageLoop(`The error page ${pages?.error} should not require authentication`))
       }
       const render = renderPage({ theme })
       const page = render.error({ error: "Configuration" })
@@ -144,6 +131,18 @@ export async function Auth(
       headers: response.headers,
     })
   }
+
+  if (isAuthRequest) {
+    switch (request.action) {
+      case "session":
+        return new SessionResponse(response.body, response)
+      case "providers":
+        return new ProvidersResponse(response.body, response)
+      default:
+        return response
+    }
+  }
+
   return response
 }
 

packages/core/src/lib/web-extension.ts

@@ -0,0 +1,95 @@
+import type { AuthAction, Session } from "../types.js"
+import { PublicProvider } from "./routes/providers.js"
+
+/** @internal */
+export abstract class AuthRequest extends Request {
+  abstract action: AuthAction
+}
+
+/**
+ * Extends the standard {@link Request} to add a `session()` method on the response
+ * for retrieving the {@link Session} object.
+ */
+export class SessionRequest extends AuthRequest {
+  action = "session" as const
+  constructor(req: Request) {
+    super(req.url, req)
+  }
+}
+
+export class SessionResponse extends Response {
+  action = "session" as const
+
+  /**
+   * Returns the {@link Session} object from the response, or `null`
+   * if the session is unavailable (config error, not authenticated, etc.).
+   *
+   * @example
+   * ```ts
+   * export default async function handle(req: Request) {
+   *   const response = await Auth(new SessionRequest(req), authConfig)
+   *   const session = await response.session()
+   *
+   *   if (!session) {
+   *     return new Response("Not authenticated", { status: 401 })
+   *   }
+   *
+   *   console.log(session.user) // Do something with the session
+   *   return response // or return whatever you want.
+   * }
+   * ```
+   */
+  async session(): Promise<Session | null> {
+    try {
+      const data = await this.clone().json()
+      if (!this.ok || !data || !Object.keys(data).length) {
+        return null
+      }
+      return data
+    } catch {
+      return null
+    }
+  }
+}
+
+/**
+ * Extends the standard {@link Request} to add a `providers()` method on the response
+ * for retrieving a list of client-safe provider configuration. Useful for
+ * rendering a list of sign-in options.
+ */
+export class ProvidersRequest extends AuthRequest {
+  action = "providers" as const
+  constructor(req: Request) {
+    super(req.url, req)
+  }
+}
+
+export class ProvidersResponse extends Response {
+  action = "providers" as const
+
+  /**
+   * Returns the list of providers from the response, or `null`
+   * if the providers are unavailable (config error, etc.).
+   * @example
+   * ```ts
+   * export default async function handle(req: Request) {
+   *  const response = await Auth(new ProvidersRequest(req), authConfig)
+   * const providers = await response.providers()
+   * if (!providers) {
+   *  return new Response("Providers unavailable", { status: 500 })
+   *
+   *
+   * console.log(providers) // Do something with the providers
+   * return response // or return whatever you want.
+   * }
+   * ```
+   */
+  async providers(): Promise<PublicProvider[]> {
+    try {
+      if (!this.ok) return []
+      return Object.values(await this.clone().json())
+    } catch {
+      return []
+    }
+  }
+}

packages/core/src/lib/web.ts

@@ -2,6 +2,7 @@ import { parse as parseCookie, serialize } from "cookie"
 import { AuthError, UnknownAction } from "../errors.js"
 
 import type { AuthAction, RequestInternal, ResponseInternal } from "../types.js"
+import { ProvidersRequest, SessionRequest } from "./web-extension.js"
 
 async function getBody(req: Request): Promise<Record<string, any> | undefined> {
   if (!("body" in req) || !req.body || req.method !== "POST") return
@@ -34,8 +35,11 @@ export async function toInternalRequest(
     // see init.ts
     const url = new URL(req.url.replace(/\/$/, ""))
     const { pathname } = url
+    let action: AuthAction | undefined
+    if (req instanceof SessionRequest || req instanceof ProvidersRequest) {
+      action = req.action
+    } else action = actions.find((a) => pathname.includes(a))
 
-    const action = actions.find((a) => pathname.includes(a))
     if (!action) {
       throw new UnknownAction("Cannot detect action.")
     }

packages/next-auth/package.json

@@ -9,7 +9,7 @@
     "Balázs Orbán <info@balazsorban.com>",
     "Nico Domino <yo@ndo.dev>",
     "Lluis Agusti <hi@llu.lu>",
-    "Thang Huu Vu <thvu@hey.com>"
+    "Thang Huu Vu <hi@thvu.dev>"
   ],
   "main": "index.js",
   "module": "index.js",

pnpm-lock.yaml

@@ -258,6 +258,7 @@ importers:
       docusaurus-plugin-typedoc: ^0.18.0
       mdx-mermaid: 1.2.2
       mermaid: 9.0.1
+      next-auth: workspace:*
       prism-react-renderer: 1.3.5
       react: ^18.2.0
       react-dom: ^18.2.0
@@ -272,6 +273,7 @@ importers:
       classnames: 2.3.2
       mdx-mermaid: 1.2.2_mermaid@9.0.1+react@18.2.0
       mermaid: 9.0.1
+      next-auth: link:../packages/next-auth
       prism-react-renderer: 1.3.5_react@18.2.0
       react: 18.2.0
       react-dom: 18.2.0_react@18.2.0

turbo.json

@@ -1,28 +1,19 @@
 {
   "$schema": "https://turborepo.org/schema.json",
   "pipeline": {
-    "docs#build": {
-      "dependsOn": [
-        "^build",
-        "next-auth#build",
-        "@auth/core#build",
-        "@auth/sveltekit#build"
-      ]
-    },
     "build": {
       "dependsOn": ["^build"]
     },
     "next-auth#build": {
       "dependsOn": ["^build"],
       "outputs": [
-        "lib/**",
+        "client/**",
+        "core/**",
         "css/**",
         "jwt/**",
-        "react/**",
         "next/**",
-        "client/**",
         "providers/**",
-        "core/**",
+        "react/**",
         "index.d.ts",
         "index.js",
         "adapters.d.ts",