From 6ddc3293796ae1e1c4d1a2d10134a3b33aeaff13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?= Date: Mon, 15 Apr 2024 12:22:09 +0200 Subject: [PATCH] fix(ts): reduce public type surface (#10557) * fix(ts): reudce public type surface * change * fix * simplify * simplify * simplify * chore: update links in index.ts * mark `isClientError` as internal --------- Co-authored-by: Nico Domino --- packages/core/src/errors.ts | 1 + packages/core/src/index.ts | 231 +++++++++++++++++- packages/core/src/lib/actions/signout.ts | 3 +- packages/core/src/lib/index.ts | 3 +- packages/core/src/lib/init.ts | 15 +- packages/core/src/lib/utils/assert.ts | 3 +- packages/core/src/lib/utils/env.ts | 3 +- packages/core/src/lib/utils/providers.ts | 3 +- packages/core/src/lib/utils/web.ts | 2 +- packages/core/src/providers/oauth.ts | 9 +- packages/core/src/types.ts | 233 +------------------ packages/frameworks-express/src/index.ts | 9 +- packages/frameworks-solid-start/src/index.ts | 4 +- 13 files changed, 255 insertions(+), 264 deletions(-) diff --git a/packages/core/src/errors.ts b/packages/core/src/errors.ts index faead47c5e..95d7898b3f 100644 --- a/packages/core/src/errors.ts +++ b/packages/core/src/errors.ts @@ -462,6 +462,7 @@ const clientErrors = new Set([ * Used to only allow sending a certain subset of errors to the client. * Errors are always logged on the server, but to prevent leaking sensitive information, * only a subset of errors are sent to the client as-is. + * @internal */ export function isClientError(error: Error): error is AuthError { if (error instanceof AuthError) return clientErrors.has(error.type) diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts index b815e00454..823ff754fe 100644 --- a/packages/core/src/index.ts +++ b/packages/core/src/index.ts @@ -49,18 +49,22 @@ import renderPage from "./lib/pages/index.js" import { logger, setLogger, type LoggerInstance } from "./lib/utils/logger.js" import { toInternalRequest, toResponse } from "./lib/utils/web.js" -import type { Adapter } from "./adapters.js" +import type { Adapter, AdapterSession, AdapterUser } from "./adapters.js" import type { + Account, AuthAction, - CallbacksOptions, + Awaitable, CookiesOptions, - EventCallbacks, + DefaultSession, PagesOptions, + Profile, ResponseInternal, + Session, Theme, + User, } from "./types.js" -import type { Provider } from "./providers/index.js" -import { JWTOptions } from "./jwt.js" +import type { CredentialInput, Provider } from "./providers/index.js" +import { JWT, JWTOptions } from "./jwt.js" import { isAuthAction } from "./lib/utils/actions.js" export { skipCSRFCheck, raw, setEnvDefaults, createActionURL, isAuthAction } @@ -296,7 +300,182 @@ export interface AuthConfig { * Callbacks are *extremely powerful*, especially in scenarios involving JSON Web Tokens * as they **allow you to implement access controls without a database** and to **integrate with external databases or APIs**. */ - callbacks?: Partial + callbacks?: { + /** + * Controls whether a user is allowed to sign in or not. + * Returning `true` continues the sign-in flow. + * Returning `false` or throwing an error will stop the sign-in flow and redirect the user to the error page. + * Returning a string will redirect the user to the specified URL. + * + * Unhandled errors will throw an `AccessDenied` with the message set to the original error. + * + * [`AccessDenied`](https://authjs.dev/reference/errors#accessdenied) + * + * @example + * ```ts + * callbacks: { + * async signIn({ profile }) { + * // Only allow sign in for users with email addresses ending with "yourdomain.com" + * return profile?.email?.endsWith("@yourdomain.com") + * } + * ``` + */ + signIn?: (params: { + user: User | AdapterUser + account: Account | null + /** + * If OAuth provider is used, it contains the full + * OAuth profile returned by your provider. + */ + profile?: Profile + /** + * If Email provider is used, on the first call, it contains a + * `verificationRequest: true` property to indicate it is being triggered in the verification request flow. + * When the callback is invoked after a user has clicked on a sign in link, + * this property will not be present. You can check for the `verificationRequest` property + * to avoid sending emails to addresses or domains on a blocklist or to only explicitly generate them + * for email address in an allow list. + */ + email?: { + verificationRequest?: boolean + } + /** If Credentials provider is used, it contains the user credentials */ + credentials?: Record + }) => Awaitable + /** + * This callback is called anytime the user is redirected to a callback URL (i.e. on signin or signout). + * By default only URLs on the same host as the origin are allowed. + * You can use this callback to customise that behaviour. + * + * [Documentation](https://authjs.dev/reference/core/types#redirect) + * + * @example + * callbacks: { + * async redirect({ url, baseUrl }) { + * // Allows relative callback URLs + * if (url.startsWith("/")) return `${baseUrl}${url}` + * + * // Allows callback URLs on the same origin + * if (new URL(url).origin === baseUrl) return url + * + * return baseUrl + * } + * } + */ + redirect?: (params: { + /** URL provided as callback URL by the client */ + url: string + /** Default base URL of site (can be used as fallback) */ + baseUrl: string + }) => Awaitable + /** + * This callback is called whenever a session is checked. + * (i.e. when invoking the `/api/session` endpoint, using `useSession` or `getSession`). + * The return value will be exposed to the client, so be careful what you return here! + * If you want to make anything available to the client which you've added to the token + * through the JWT callback, you have to explicitly return it here as well. + * + * :::note + * ⚠ By default, only a subset (email, name, image) + * of the token is returned for increased security. + * ::: + * + * The token argument is only available when using the jwt session strategy, and the + * user argument is only available when using the database session strategy. + * + * [`jwt` callback](https://authjs.dev/reference/core/types#jwt) + * + * @example + * ```ts + * callbacks: { + * async session({ session, token, user }) { + * // Send properties to the client, like an access_token from a provider. + * session.accessToken = token.accessToken + * + * return session + * } + * } + * ``` + */ + session?: ( + params: ({ + session: { user: AdapterUser } & AdapterSession + /** Available when {@link AuthConfig.session} is set to `strategy: "database"`. */ + user: AdapterUser + } & { + session: Session + /** Available when {@link AuthConfig.session} is set to `strategy: "jwt"` */ + token: JWT + }) & { + /** + * Available when using {@link AuthConfig.session} `strategy: "database"` and an update is triggered for the session. + * + * :::note + * You should validate this data before using it. + * ::: + */ + newSession: any + trigger?: "update" + } + ) => Awaitable + /** + * This callback is called whenever a JSON Web Token is created (i.e. at sign in) + * or updated (i.e whenever a session is accessed in the client). Anything you + * return here will be saved in the JWT and forwarded to the session callback. + * There you can control what should be returned to the client. Anything else + * will be kept from your frontend. The JWT is encrypted by default via your + * AUTH_SECRET environment variable. + * + * [`session` callback](https://authjs.dev/reference/core/types#session) + */ + jwt?: (params: { + /** + * When `trigger` is `"signIn"` or `"signUp"`, it will be a subset of {@link JWT}, + * `name`, `email` and `image` will be included. + * + * Otherwise, it will be the full {@link JWT} for subsequent calls. + */ + token: JWT + /** + * Either the result of the {@link OAuthConfig.profile} or the {@link CredentialsConfig.authorize} callback. + * @note available when `trigger` is `"signIn"` or `"signUp"`. + * + * Resources: + * - [Credentials Provider](https://authjs.dev/getting-started/authentication/credentials) + * - [User database model](https://authjs.dev/guides/creating-a-database-adapter#user-management) + */ + user: User | AdapterUser + /** + * Contains information about the provider that was used to sign in. + * Also includes {@link TokenSet} + * @note available when `trigger` is `"signIn"` or `"signUp"` + */ + account: Account | null + /** + * The OAuth profile returned from your provider. + * (In case of OIDC it will be the decoded ID Token or /userinfo response) + * @note available when `trigger` is `"signIn"`. + */ + profile?: Profile + /** + * Check why was the jwt callback invoked. Possible reasons are: + * - user sign-in: First time the callback is invoked, `user`, `profile` and `account` will be present. + * - user sign-up: a user is created for the first time in the database (when {@link AuthConfig.session}.strategy is set to `"database"`) + * - update event: Triggered by the `useSession().update` method. + * In case of the latter, `trigger` will be `undefined`. + */ + trigger?: "signIn" | "signUp" | "update" + /** @deprecated use `trigger === "signUp"` instead */ + isNewUser?: boolean + /** + * When using {@link AuthConfig.session} `strategy: "jwt"`, this is the data + * sent from the client via the `useSession().update` method. + * + * ⚠ Note, you should validate this data before using it. + */ + session?: any + }) => Awaitable + } /** * Events are asynchronous functions that do not return a response, they are useful for audit logging. * You can specify a handler for any of these events below - e.g. for debugging or to create an audit log. @@ -307,7 +486,45 @@ export interface AuthConfig { * * @default {} */ - events?: Partial + events?: { + /** + * If using a `credentials` type auth, the user is the raw response from your + * credential provider. + * For other providers, you'll get the User object from your adapter, the account, + * and an indicator if the user was new to your Adapter. + */ + signIn?: (message: { + user: User + account: Account | null + profile?: Profile + isNewUser?: boolean + }) => Awaitable + /** + * The message object will contain one of these depending on + * if you use JWT or database persisted sessions: + * - `token`: The JWT for this session. + * - `session`: The session object from your adapter that is being ended. + */ + signOut?: ( + message: + | { session: Awaited["deleteSession"]>> } + | { token: Awaited> } + ) => Awaitable + createUser?: (message: { user: User }) => Awaitable + updateUser?: (message: { user: User }) => Awaitable + linkAccount?: (message: { + user: User | AdapterUser + account: Account + profile: User | AdapterUser + }) => Awaitable + /** + * The message object will contain one of these depending on + * if you use JWT or database persisted sessions: + * - `token`: The JWT for this session. + * - `session`: The session object from your adapter. + */ + session?: (message: { session: Session; token: JWT }) => Awaitable + } /** You can use the adapter option to pass in your database adapter. */ adapter?: Adapter /** diff --git a/packages/core/src/lib/actions/signout.ts b/packages/core/src/lib/actions/signout.ts index 43157b62da..b09c90933b 100644 --- a/packages/core/src/lib/actions/signout.ts +++ b/packages/core/src/lib/actions/signout.ts @@ -8,7 +8,7 @@ import type { Cookie, SessionStore } from "../utils/cookie.js" * If the session strategy is database, * The session is also deleted from the database. * In any case, the session cookie is cleared and - * {@link EventCallbacks.signOut} is emitted. + * {@link AuthConfig["events"].signOut} is emitted. */ export async function signOut( cookies: Cookie[], @@ -16,7 +16,6 @@ export async function signOut( options: InternalOptions ): Promise { const { jwt, events, callbackUrl: redirect, logger, session } = options - const sessionToken = sessionStore.value if (!sessionToken) return { redirect, cookies } diff --git a/packages/core/src/lib/index.ts b/packages/core/src/lib/index.ts index 5966bcac26..da43c81984 100644 --- a/packages/core/src/lib/index.ts +++ b/packages/core/src/lib/index.ts @@ -5,7 +5,8 @@ import renderPage from "./pages/index.js" import * as actions from "./actions/index.js" import { validateCSRF } from "./actions/callback/oauth/csrf-token.js" -import type { AuthConfig, RequestInternal, ResponseInternal } from "../types.js" +import type { RequestInternal, ResponseInternal } from "../types.js" +import type { AuthConfig } from "../index.js" /** @internal */ export async function AuthInternal( diff --git a/packages/core/src/lib/init.ts b/packages/core/src/lib/init.ts index 950e1d78a3..b67881b6b3 100644 --- a/packages/core/src/lib/init.ts +++ b/packages/core/src/lib/init.ts @@ -8,13 +8,8 @@ import parseProviders from "./utils/providers.js" import { logger, type LoggerInstance } from "./utils/logger.js" import { merge } from "./utils/merge.js" -import type { - AuthConfig, - CallbacksOptions, - EventCallbacks, - InternalOptions, - RequestInternal, -} from "../types.js" +import type { InternalOptions, RequestInternal } from "../types.js" +import type { AuthConfig } from "../index.js" interface InitParams { url: URL @@ -31,7 +26,7 @@ interface InitParams { cookies: RequestInternal["cookies"] } -export const defaultCallbacks: CallbacksOptions = { +export const defaultCallbacks: InternalOptions["callbacks"] = { signIn() { return true }, @@ -201,9 +196,9 @@ type Method = (...args: any[]) => Promise /** Wraps an object of methods and adds error handling. */ function eventsErrorHandler( - methods: Partial, + methods: Partial, logger: LoggerInstance -): Partial { +): Partial { return Object.keys(methods).reduce((acc, name) => { acc[name] = async (...args: any[]) => { try { diff --git a/packages/core/src/lib/utils/assert.ts b/packages/core/src/lib/utils/assert.ts index b08abef986..1c95308043 100644 --- a/packages/core/src/lib/utils/assert.ts +++ b/packages/core/src/lib/utils/assert.ts @@ -14,9 +14,10 @@ import { UntrustedHost, } from "../../errors.js" -import type { AuthConfig, RequestInternal, SemverString } from "../../types.js" +import type { RequestInternal, SemverString } from "../../types.js" import type { WarningCode } from "./logger.js" import { Adapter } from "../../adapters.js" +import type { AuthConfig } from "../../index.js" type ConfigError = | InvalidCallbackUrl diff --git a/packages/core/src/lib/utils/env.ts b/packages/core/src/lib/utils/env.ts index 7a6f958c2f..61c1c7a6f8 100644 --- a/packages/core/src/lib/utils/env.ts +++ b/packages/core/src/lib/utils/env.ts @@ -1,6 +1,7 @@ -import type { AuthAction, AuthConfig } from "../../types.js" +import type { AuthAction } from "../../types.js" import { MissingSecret } from "../../errors.js" import { logger } from "./logger.js" +import type { AuthConfig } from "../../index.js" /** Set default env variables on the config object */ export function setEnvDefaults(envObject: any, config: AuthConfig) { diff --git a/packages/core/src/lib/utils/providers.ts b/packages/core/src/lib/utils/providers.ts index be88eab3bb..7a61b23179 100644 --- a/packages/core/src/lib/utils/providers.ts +++ b/packages/core/src/lib/utils/providers.ts @@ -9,7 +9,8 @@ import type { ProfileCallback, Provider, } from "../../providers/index.js" -import type { AuthConfig, InternalProvider, Profile } from "../../types.js" +import type { InternalProvider, Profile } from "../../types.js" +import type { AuthConfig } from "../../index.js" /** * Adds `signinUrl` and `callbackUrl` to each provider diff --git a/packages/core/src/lib/utils/web.ts b/packages/core/src/lib/utils/web.ts index b6b861aed1..405f4dce74 100644 --- a/packages/core/src/lib/utils/web.ts +++ b/packages/core/src/lib/utils/web.ts @@ -4,11 +4,11 @@ import { logger } from "./logger.js" import type { AuthAction, - AuthConfig, RequestInternal, ResponseInternal, } from "../../types.js" import { isAuthAction } from "./actions.js" +import type { AuthConfig } from "../../index.js" async function getBody(req: Request): Promise | undefined> { if (!("body" in req) || !req.body || req.method !== "POST") return diff --git a/packages/core/src/providers/oauth.ts b/packages/core/src/providers/oauth.ts index 2d4c51442b..f3fd70d4f2 100644 --- a/packages/core/src/providers/oauth.ts +++ b/packages/core/src/providers/oauth.ts @@ -1,12 +1,7 @@ import type { Client } from "oauth4webapi" import type { CommonProviderOptions } from "../providers/index.js" -import type { - AuthConfig, - Awaitable, - Profile, - TokenSet, - User, -} from "../types.js" +import type { Awaitable, Profile, TokenSet, User } from "../types.js" +import type { AuthConfig } from "../index.js" // TODO: fix types type AuthorizationParameters = any diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts index b2d95a4f84..81fe921b2f 100644 --- a/packages/core/src/types.ts +++ b/packages/core/src/types.ts @@ -56,13 +56,12 @@ import type { OAuth2TokenEndpointResponse, OpenIDTokenEndpointResponse, } from "oauth4webapi" -import type { Adapter, AdapterSession, AdapterUser } from "./adapters.js" +import type { Adapter } from "./adapters.js" import { AuthConfig } from "./index.js" -import type { JWT, JWTOptions } from "./jwt.js" +import type { JWTOptions } from "./jwt.js" import type { Cookie } from "./lib/utils/cookie.js" import type { LoggerInstance } from "./lib/utils/logger.js" import type { - CredentialInput, CredentialsConfig, EmailConfig, OAuthConfigInternal, @@ -74,7 +73,6 @@ import type { WebAuthnProviderType, } from "./providers/webauthn.js" -export type { AuthConfig } from "./index.js" export type { LoggerInstance } export type Awaitable = T | PromiseLike export type Awaited = T extends Promise ? U : T @@ -185,184 +183,6 @@ export interface Profile { [claim: string]: unknown } -// TODO: rename `signIn` to `authorized` - -/** Override the default session creation flow of Auth.js */ -export interface CallbacksOptions

{ - /** - * Controls whether a user is allowed to sign in or not. - * Returning `true` continues the sign-in flow. - * Returning `false` or throwing an error will stop the sign-in flow and redirect the user to the error page. - * Returning a string will redirect the user to the specified URL. - * - * Unhandled errors will throw an `AccessDenied` with the message set to the original error. - * - * [`AccessDenied`](https://authjs.dev/reference/errors#accessdenied) - * - * @example - * ```ts - * callbacks: { - * async signIn({ profile }) { - * // Only allow sign in for users with email addresses ending with "yourdomain.com" - * return profile?.email?.endsWith("@yourdomain.com") - * } - * ``` - */ - signIn: (params: { - user: User | AdapterUser - account: A | null - /** - * If OAuth provider is used, it contains the full - * OAuth profile returned by your provider. - */ - profile?: P - /** - * If Email provider is used, on the first call, it contains a - * `verificationRequest: true` property to indicate it is being triggered in the verification request flow. - * When the callback is invoked after a user has clicked on a sign in link, - * this property will not be present. You can check for the `verificationRequest` property - * to avoid sending emails to addresses or domains on a blocklist or to only explicitly generate them - * for email address in an allow list. - */ - email?: { - verificationRequest?: boolean - } - /** If Credentials provider is used, it contains the user credentials */ - credentials?: Record - }) => Awaitable - /** - * This callback is called anytime the user is redirected to a callback URL (i.e. on signin or signout). - * By default only URLs on the same host as the origin are allowed. - * You can use this callback to customise that behaviour. - * - * @example - * callbacks: { - * async redirect({ url, baseUrl }) { - * // Allows relative callback URLs - * if (url.startsWith("/")) return `${baseUrl}${url}` - * - * // Allows callback URLs on the same origin - * if (new URL(url).origin === baseUrl) return url - * - * return baseUrl - * } - * } - */ - redirect: (params: { - /** URL provided as callback URL by the client */ - url: string - /** Default base URL of site (can be used as fallback) */ - baseUrl: string - }) => Awaitable - /** - * This callback is called whenever a session is checked. - * (i.e. when invoking the `/api/session` endpoint, using `useSession` or `getSession`). - * The return value will be exposed to the client, so be careful what you return here! - * If you want to make anything available to the client which you've added to the token - * through the JWT callback, you have to explicitly return it here as well. - * - * :::note - * ⚠ By default, only a subset (email, name, image) - * of the token is returned for increased security. - * ::: - * - * The token argument is only available when using the jwt session strategy, and the - * user argument is only available when using the database session strategy. - * - * [`jwt` callback](https://authjs.dev/reference/core/types#jwt) - * - * @example - * ```ts - * callbacks: { - * async session({ session, token, user }) { - * // Send properties to the client, like an access_token from a provider. - * session.accessToken = token.accessToken - * - * return session - * } - * } - * ``` - */ - session: ( - params: ({ - session: { user: AdapterUser } & AdapterSession - /** Available when {@link AuthConfig.session} is set to `strategy: "database"`. */ - user: AdapterUser - } & { - session: Session - /** Available when {@link AuthConfig.session} is set to `strategy: "jwt"` */ - token: JWT - }) & { - /** - * Available when using {@link AuthConfig.session} `strategy: "database"` and an update is triggered for the session. - * - * :::note - * You should validate this data before using it. - * ::: - */ - newSession: any - trigger?: "update" - } - ) => Awaitable - /** - * This callback is called whenever a JSON Web Token is created (i.e. at sign in) - * or updated (i.e whenever a session is accessed in the client). Anything you - * return here will be saved in the JWT and forwarded to the session callback. - * There you can control what should be returned to the client. Anything else - * will be kept from your frontend. The JWT is encrypted by default via your - * AUTH_SECRET environment variable. - * - * [`session` callback](https://authjs.dev/reference/core/types#session) - */ - jwt: (params: { - /** - * When `trigger` is `"signIn"` or `"signUp"`, it will be a subset of {@link JWT}, - * `name`, `email` and `image` will be included. - * - * Otherwise, it will be the full {@link JWT} for subsequent calls. - */ - token: JWT - /** - * Either the result of the {@link OAuthConfig.profile} or the {@link CredentialsConfig.authorize} callback. - * @note available when `trigger` is `"signIn"` or `"signUp"`. - * - * Resources: - * - [Credentials Provider](https://authjs.dev/getting-started/authentication/credentials) - * - [User database model](https://authjs.dev/guides/creating-a-database-adapter#user-management) - */ - user: User | AdapterUser - /** - * Contains information about the provider that was used to sign in. - * Also includes {@link TokenSet} - * @note available when `trigger` is `"signIn"` or `"signUp"` - */ - account: A | null - /** - * The OAuth profile returned from your provider. - * (In case of OIDC it will be the decoded ID Token or /userinfo response) - * @note available when `trigger` is `"signIn"`. - */ - profile?: P - /** - * Check why was the jwt callback invoked. Possible reasons are: - * - user sign-in: First time the callback is invoked, `user`, `profile` and `account` will be present. - * - user sign-up: a user is created for the first time in the database (when {@link AuthConfig.session}.strategy is set to `"database"`) - * - update event: Triggered by the `useSession().update` method. - * In case of the latter, `trigger` will be `undefined`. - */ - trigger?: "signIn" | "signUp" | "update" - /** @deprecated use `trigger === "signUp"` instead */ - isNewUser?: boolean - /** - * When using {@link AuthConfig.session} `strategy: "jwt"`, this is the data - * sent from the client via the `useSession().update` method. - * - * ⚠ Note, you should validate this data before using it. - */ - session?: any - }) => Awaitable -} - /** [Documentation](https://authjs.dev/reference/core#cookies) */ export interface CookieOption { name: string @@ -380,51 +200,6 @@ export interface CookiesOptions { webauthnChallenge: Partial } -/** - * The various event callbacks you can register for from next-auth - */ -export interface EventCallbacks { - /** - * If using a `credentials` type auth, the user is the raw response from your - * credential provider. - * For other providers, you'll get the User object from your adapter, the account, - * and an indicator if the user was new to your Adapter. - */ - signIn: (message: { - user: User - account: Account | null - profile?: Profile - isNewUser?: boolean - }) => Awaitable - /** - * The message object will contain one of these depending on - * if you use JWT or database persisted sessions: - * - `token`: The JWT for this session. - * - `session`: The session object from your adapter that is being ended. - */ - signOut: ( - message: - | { session: Awaited["deleteSession"]>> } - | { token: Awaited> } - ) => Awaitable - createUser: (message: { user: User }) => Awaitable - updateUser: (message: { user: User }) => Awaitable - linkAccount: (message: { - user: User | AdapterUser - account: Account - profile: User | AdapterUser - }) => Awaitable - /** - * The message object will contain one of these depending on - * if you use JWT or database persisted sessions: - * - `token`: The JWT for this session. - * - `session`: The session object from your adapter. - */ - session: (message: { session: Session; token: JWT }) => Awaitable -} - -export type EventType = keyof EventCallbacks - /** TODO: Check if all these are used/correct */ export type ErrorPageParam = "Configuration" | "AccessDenied" | "Verification" @@ -640,9 +415,9 @@ export interface InternalOptions { session: NonNullable> pages: Partial jwt: JWTOptions - events: Partial + events: NonNullable adapter: Required | undefined - callbacks: CallbacksOptions + callbacks: NonNullable> cookies: Record callbackUrl: string /** diff --git a/packages/frameworks-express/src/index.ts b/packages/frameworks-express/src/index.ts index 60f026f288..4f2c825261 100644 --- a/packages/frameworks-express/src/index.ts +++ b/packages/frameworks-express/src/index.ts @@ -124,8 +124,13 @@ * @module @auth/express */ -import { Auth, setEnvDefaults, createActionURL } from "@auth/core" -import type { AuthConfig, Session } from "@auth/core/types" +import { + Auth, + type AuthConfig, + setEnvDefaults, + createActionURL, +} from "@auth/core" +import type { Session } from "@auth/core/types" import * as e from "express" import { toWebRequest, toExpressResponse } from "./lib/index.js" diff --git a/packages/frameworks-solid-start/src/index.ts b/packages/frameworks-solid-start/src/index.ts index 7184a56fd2..adc264ab6c 100644 --- a/packages/frameworks-solid-start/src/index.ts +++ b/packages/frameworks-solid-start/src/index.ts @@ -16,8 +16,8 @@ * @module @auth/solid-start */ -import { Auth } from "@auth/core" -import type { AuthAction, AuthConfig, Session } from "@auth/core/types" +import { Auth, type AuthConfig } from "@auth/core" +import type { AuthAction, Session } from "@auth/core/types" export { AuthError, CredentialsSignin } from "@auth/core/errors" export type {