cricks_unmixed4u
README.md

Val Town Authentication Library

A modular authentication library for Val Town with support for multiple OAuth providers.

Step 0 Implementation - GitHub OAuth

This implementation provides a complete GitHub OAuth 2.0 flow with the following features:

โœ… Implemented Features

  • GitHub OAuth 2.0 Authorization Code Flow - Secure OAuth implementation
  • JWT-based Session Management - Stateless authentication tokens
  • CSRF Protection - State parameter validation to prevent attacks
  • Secure HTTP-only Cookies - Prevents XSS token theft
  • Hono Middleware - Easy integration with Hono applications
  • React Hooks & Components - Ready-to-use frontend components
  • Modular Architecture - Adapter pattern for multiple auth providers

๐Ÿ—๏ธ Architecture

auth/
โ”œโ”€โ”€ core/
โ”‚   โ”œโ”€โ”€ types.ts           # TypeScript interfaces
โ”‚   โ”œโ”€โ”€ signer.ts          # JWT signing/verification
โ”‚   โ””โ”€โ”€ adapters.ts        # Auth provider implementations
โ”œโ”€โ”€ hono/
โ”‚   โ”œโ”€โ”€ createMiddleware.ts # Middleware factory
โ”‚   โ””โ”€โ”€ github.ts          # GitHub-specific routes
โ”œโ”€โ”€ react/
โ”‚   โ”œโ”€โ”€ createHook.ts      # React hook factory
โ”‚   โ”œโ”€โ”€ createComponents.ts # Component factory
โ”‚   โ””โ”€โ”€ github.tsx         # GitHub components
โ””โ”€โ”€ index.ts               # Main exports

๐Ÿ”ง Setup

  1. Environment Variables

    GITHUB_CLIENT_ID=your_github_client_id
GITHUB_CLIENT_SECRET=your_github_client_secret
JWT_SECRET=your_secure_jwt_secret

  2. GitHub OAuth App Configuration

    • Authorization callback URL: https://your-domain.com/auth/github/callback
    • Requested scopes: user:email, read:user

๐Ÿš€ Usage

import { Hono } from "hono";
import { createGitHubAuthRoutes, githubAuthMiddleware } from "./auth/hono/github.ts";

const app = new Hono();

// Add auth routes
const authRoutes = createGitHubAuthRoutes();
app.route("/", authRoutes);

// Protect API routes
app.get("/api/me", githubAuthMiddleware, (c) => {
  const user = c.get("user");
  return c.json(user);
});

๐Ÿ”’ Security Features

  • CSRF Protection: State parameter validation
  • Secure Cookies: HttpOnly, Secure, SameSite=Lax
  • JWT Validation: Proper token verification with expiration
  • Environment Variables: No hardcoded secrets
  • Error Handling: Proper error bubbling and logging

โณ Placeholder Implementations

  • Val Town Adapter: Throws "not implemented" error
  • Password Adapter: Throws "not implemented" error

These will be implemented in future steps.

๐Ÿงช Demo

Run the main.tsx file to see a working demonstration of the GitHub OAuth flow with a beautiful UI built using React and TailwindCSS.

๐Ÿ“ Next Steps

  1. Implement Val Town API key authentication
  2. Implement password-based authentication
  3. Add refresh token support
  4. Add user profile management
  5. Add role-based access control